merged.pcap

MD5: 1cd1ea56484846142e58015720fa6d34
Submission Date: 2021-11-22 18:29:01
Tags: (not set)
Alert 35
Showing 1-20 of 35 items.
# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
1 | 2005-01-14T09:58:08.905094-0800 | 200.57.7.205 | 10.52.10.15 | GPL SNMP public access udp | *
2 | 2005-01-14T09:58:14.907941-0800 | 200.57.7.205 | 10.52.10.15 | GPL SNMP public access udp | *
3 | 2005-01-14T09:58:20.913970-0800 | 200.57.7.205 | 10.52.10.15 | GPL SNMP public access udp | *
4 | 2005-05-06T02:42:14.364705-0700 | 192.168.1.14 | 207.46.108.59 | GPL CHAT MSN user search | *
5 | 2005-05-06T02:43:13.717249-0700 | 192.168.1.14 | 207.46.108.59 | GPL CHAT MSN user search | *
6 | 2006-08-25T12:36:08.782873-0700 | 192.168.1.2 | 212.72.49.131 | ET CHAT Skype VOIP Checking Version (Startup) | *
7 | 2006-08-25T12:32:21.808007-0700 | 192.168.1.2 | 212.72.49.131 | ET CHAT Skype VOIP Checking Version (Startup) | *
8 | 2006-08-25T12:34:05.096863-0700 | 192.168.1.2 | 69.114.183.8 | ET P2P Kazaa over UDP | *
9 | 2011-09-23T13:11:59.760293-0700 | 172.16.0.2 | 66.147.240.170 | ET POLICY HTTP POST contains pass= in cleartext | *
10 | 2011-09-23T13:11:59.760432-0700 | 192.168.43.244 | 66.147.240.170 | ET POLICY HTTP POST contains pass= in cleartext | *
11 | 2017-07-02T15:20:34.110081-0700 | 192.168.0.106 | 255.255.255.255 | ET POLICY Dropbox Client Broadcasting | *
12 | 2017-07-02T15:20:24.944089-0700 | 192.168.0.106 | 109.173.11.109 | ET P2P BitTorrent DHT ping request | *
13 | 2018-08-13T06:34:37.241599-0700 | 10.21.1.45 | 46.10.22.5 | ET P2P BitTorrent DHT ping request | *
14 | 2018-08-13T06:34:57.053088-0700 | 10.21.1.45 | 172.217.30.110 | ET POLICY Python-urllib/ Suspicious User Agent | *
15 | 2018-08-13T06:55:42.881285-0700 | 10.21.1.88 | 216.58.202.14 | ET POLICY Python-urllib/ Suspicious User Agent | *
16 | 2018-08-13T06:55:43.231299-0700 | 10.21.1.88 | 172.217.29.132 | ET POLICY Python-urllib/ Suspicious User Agent | *
17 | 2018-08-13T06:55:47.291301-0700 | 10.21.1.88 | 110.52.23.134 | ET P2P BitTorrent DHT ping request | *
18 | 2018-08-13T06:34:36.788379-0700 | 10.21.1.45 | 172.217.30.110 | ET POLICY Python-urllib/ Suspicious User Agent | *
19 | 2018-08-13T06:56:03.244116-0700 | 10.21.1.88 | 172.217.29.142 | ET POLICY Python-urllib/ Suspicious User Agent | *
20 | 2018-08-13T06:34:37.049607-0700 | 10.21.1.45 | 172.217.30.100 | ET POLICY Python-urllib/ Suspicious User Agent | *
DNS 1374
Showing 41-60 of 1,374 items.
# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
41 | 2006-08-25T12:31:21.888273-0700 | 192.168.1.2 | 192.168.1.1 | query | 110.187.128.86.in-addr.arpa | PTR | (not set)
42 | 2006-08-25T12:31:21.888300-0700 | 192.168.1.2 | 192.168.1.1 | query | 79.122.177.24.in-addr.arpa | PTR | (not set)
43 | 2006-08-25T12:31:21.927986-0700 | 192.168.1.1 | 192.168.1.2 | answer | 110.187.128.86.in-addr.arpa | PTR | (not set)
44 | 2006-08-25T12:31:22.096135-0700 | 192.168.1.1 | 192.168.1.2 | answer | 126.198.95.68.in-addr.arpa | PTR | (not set)
45 | 2006-08-25T12:31:22.120384-0700 | 192.168.1.1 | 192.168.1.2 | answer | 79.122.177.24.in-addr.arpa | PTR | (not set)
46 | 2006-08-25T12:31:22.645446-0700 | 192.168.1.2 | 192.168.1.1 | query | host86-128-187-110.range86-128.btcentralplus.com | A | (not set)
47 | 2006-08-25T12:31:22.645512-0700 | 192.168.1.2 | 192.168.1.1 | query | adsl-68-95-198-126.dsl.wlfrct.sbcglobal.net | A | (not set)
48 | 2006-08-25T12:31:22.645546-0700 | 192.168.1.2 | 192.168.1.1 | query | 24-177-122-79.dhcp.mdsn.wi.charter.com | A | (not set)
49 | 2006-08-25T12:31:22.648399-0700 | 192.168.1.1 | 192.168.1.2 | answer | host86-128-187-110.range86-128.btcentralplus.com | A | (not set)
50 | 2006-08-25T12:31:22.650811-0700 | 192.168.1.1 | 192.168.1.2 | answer | adsl-68-95-198-126.dsl.wlfrct.sbcglobal.net | A | (not set)
51 | 2006-08-25T12:31:22.653084-0700 | 192.168.1.1 | 192.168.1.2 | answer | 24-177-122-79.dhcp.mdsn.wi.charter.com | A | (not set)
52 | 2006-08-25T12:31:35.391134-0700 | 192.168.1.2 | 192.168.1.1 | query | 119.70.32.68.in-addr.arpa | PTR | (not set)
53 | 2006-08-25T12:31:35.497702-0700 | 192.168.1.1 | 192.168.1.2 | answer | 119.70.32.68.in-addr.arpa | PTR | (not set)
54 | 2006-08-25T12:31:36.144344-0700 | 192.168.1.2 | 192.168.1.1 | query | c-68-32-70-119.hsd1.ga.comcast.net | A | (not set)
55 | 2006-08-25T12:31:36.146941-0700 | 192.168.1.1 | 192.168.1.2 | answer | c-68-32-70-119.hsd1.ga.comcast.net | A | (not set)
56 | 2006-08-25T12:32:06.951344-0700 | 192.168.1.2 | 192.168.1.1 | query | 238.95.197.86.in-addr.arpa | PTR | (not set)
57 | 2006-08-25T12:32:07.004326-0700 | 192.168.1.1 | 192.168.1.2 | answer | 238.95.197.86.in-addr.arpa | PTR | (not set)
58 | 2006-08-25T12:32:07.701231-0700 | 192.168.1.2 | 192.168.1.1 | query | AMarseille-253-1-68-238.w86-197.abo.wanadoo.fr | A | (not set)
59 | 2006-08-25T12:32:07.703866-0700 | 192.168.1.1 | 192.168.1.2 | answer | AMarseille-253-1-68-238.w86-197.abo.wanadoo.fr | A | (not set)
60 | 2006-08-25T12:32:08.451119-0700 | 192.168.1.2 | 192.168.1.1 | query | 81.70.31.86.in-addr.arpa | PTR | (not set)
TLS 64
Showing 1-20 of 64 items.
# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2017-07-02T15:20:34.279553-0700 | 192.168.0.106 | 35.160.100.86 | TLS 1.2 | addons.mozilla.org
2 | 2017-07-02T15:20:33.559648-0700 | 192.168.0.106 | 35.160.100.86 | TLS 1.2 | addons.mozilla.org
3 | 2017-07-02T15:20:36.867925-0700 | 192.168.0.106 | 54.187.128.85 | TLS 1.2 | oauth.accounts.firefox.com
4 | 2017-07-02T15:20:34.387320-0700 | 192.168.0.106 | 35.160.100.86 | TLS 1.2 | addons.mozilla.org
5 | 2017-07-02T15:20:35.427278-0700 | 192.168.0.106 | 172.217.29.238 | TLS 1.2 | translate.google.com
6 | 2017-07-02T15:20:35.630035-0700 | 192.168.0.106 | 54.187.128.85 | TLS 1.2 | oauth.accounts.firefox.com
7 | 2017-07-02T15:20:37.615894-0700 | 192.168.0.106 | 54.192.226.174 | TLS 1.2 | snippets.cdn.mozilla.net
8 | 2017-07-02T15:20:37.624410-0700 | 192.168.0.106 | 54.69.106.30 | TLS 1.2 | accounts.firefox.com
9 | 2017-07-02T15:20:38.535015-0700 | 192.168.0.106 | 52.17.122.61 | TLS 1.2 | location.services.mozilla.com
10 | 2017-07-02T15:20:37.411042-0700 | 192.168.0.106 | 172.217.29.100 | TLS 1.2 | www.google.com
11 | 2017-07-02T15:20:37.605273-0700 | 192.168.0.106 | 54.192.226.174 | TLS 1.2 | snippets.cdn.mozilla.net
12 | 2017-07-02T15:20:40.202010-0700 | 192.168.0.106 | 35.160.100.86 | TLS 1.2 | addons.mozilla.org
13 | 2017-07-02T15:20:41.271164-0700 | 192.168.0.106 | 52.39.237.157 | TLS 1.2 | self-repair.mozilla.org
14 | 2017-07-02T15:20:38.534966-0700 | 192.168.0.106 | 54.69.106.30 | TLS 1.2 | accounts.firefox.com
15 | 2017-07-02T15:20:41.836615-0700 | 192.168.0.106 | 54.192.227.96 | TLS 1.2 | normandy-cloudfront.cdn.mozilla.net
16 | 2017-07-02T15:21:03.457984-0700 | 192.168.0.106 | 216.58.222.42 | TLS 1.2 | translate.googleapis.com
17 | 2017-07-02T15:21:04.527394-0700 | 192.168.0.106 | 172.217.29.99 | TLS 1.2 | www.gstatic.com
18 | 2017-07-02T15:21:19.971634-0700 | 192.168.0.106 | 172.217.29.110 | TLS 1.2 | sb-ssl.google.com
19 | 2017-07-02T15:21:03.143734-0700 | 192.168.0.106 | 216.58.222.42 | TLS 1.2 | translate.googleapis.com
20 | 2017-07-02T15:21:03.376975-0700 | 192.168.0.106 | 216.58.222.42 | TLS 1.2 | translate.googleapis.com
TFTP 1
Showing 1-1 of 1 item.
# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
1 | 2013-05-01T05:24:11.972852-0700 | 192.168.0.253 | 192.168.0.10 | read | rfc1350.txt | octet
HTTP 670
Showing 1-20 of 670 items.
# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2005-01-14T09:58:05.638272-0800 | 200.57.7.204 | 200.57.7.194 | 80 | GET | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | 403
2 | 2005-01-14T09:58:07.444067-0800 | 200.57.7.204 | 200.57.7.194 | 80 | GET | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | 403
3 | 2005-01-14T09:58:07.444203-0800 | 200.57.7.204 | 200.57.7.194 | 80 | GET | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | 403
4 | 2005-01-14T09:58:07.324482-0800 | 200.57.7.204 | 200.57.7.194 | 80 | POST | /cems/applets/serviceRouter | 200
5 | 2005-01-14T09:58:07.756923-0800 | 200.57.7.204 | 200.57.7.194 | 80 | POST | /cems/applets/serviceRouter | 200
6 | 2005-01-14T09:58:07.945685-0800 | 200.57.7.204 | 200.57.7.194 | 80 | GET | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | 403
7 | 2005-01-14T09:58:07.945728-0800 | 200.57.7.204 | 200.57.7.194 | 80 | GET | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | 403
8 | 2005-01-14T09:58:07.945874-0800 | 200.57.7.204 | 200.57.7.194 | 80 | GET | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | 403
9 | 2005-01-14T09:58:07.444128-0800 | 200.57.7.204 | 200.57.7.194 | 80 | GET | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | 403
10 | 2005-01-14T09:58:05.712327-0800 | 200.57.7.204 | 200.57.7.194 | 80 | POST | /cems/applets/serviceRouter | 200
11 | 2005-01-14T09:58:07.830220-0800 | 200.57.7.204 | 200.57.7.194 | 80 | POST | /cems/applets/serviceRouter | 200
12 | 2005-01-14T09:58:07.845352-0800 | 200.57.7.204 | 200.57.7.194 | 80 | GET | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | 403
13 | 2005-01-14T09:58:07.945802-0800 | 200.57.7.204 | 200.57.7.194 | 80 | GET | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | 403
14 | 2005-01-14T09:58:05.838948-0800 | 200.57.7.204 | 200.57.7.194 | 80 | GET | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | 403
15 | 2005-01-14T09:58:10.854970-0800 | 200.57.7.204 | 200.57.7.194 | 80 | GET | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | 403
16 | 2005-01-14T09:58:07.711059-0800 | 200.57.7.204 | 200.57.7.194 | 80 | POST | /cems/applets/serviceRouter | 200
17 | 2005-01-14T09:58:07.845409-0800 | 200.57.7.204 | 200.57.7.194 | 80 | GET | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | 403
18 | 2005-01-14T09:58:10.916214-0800 | 200.57.7.204 | 200.57.7.194 | 80 | POST | /cems/applets/serviceRouter | 200
19 | 2005-01-14T09:58:11.055661-0800 | 200.57.7.204 | 200.57.7.194 | 80 | GET | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | 403
20 | 2005-01-14T09:58:16.116227-0800 | 200.57.7.204 | 200.57.7.194 | 80 | POST | /cems/applets/serviceRouter | 200
SMB 0
# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.
SMTP 5
Showing 1-5 of 5 items.
# | Timestamp | Source | Destination | Email From | Email To | Subject
1
2013-08-22T12:17:56.649185-0700192.168.0.4212.227.15.167DI <digitalinvestigator@networksims.com>w.buchanan@napier.ac.ukTesting
2
2014-01-06T13:20:26.759146-0800192.168.47.171192.168.47.134"Bill" <w.buchanan@napier.ac.uk><test@home.com>Test
3
2015-12-29T11:13:51.630178-0800172.16.16.221172.16.16.231Chris Sanders <sanders@skynet.local>Chris Sanders <sanders@cyberdyne.local>Help!
4
2015-12-29T11:14:08.908722-0800172.16.16.225172.16.16.221Chris Sanders <sanders@skynet.local>Chris Sanders <sanders@cyberdyne.local>Help!
5
2017-07-02T15:20:34.040092-0700172.16.16.225172.16.16.221(not set)(not set)(not set)
Flow 1143
Showing 81-100 of 1,143 items.
# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
81
2005-07-16T07:29:32.065625-070087852414562337flow192.168.1.141221207.46.108.591863TCPpcapanalyzer
82
2005-07-16T07:29:32.065625-07001495699649864936flow192.168.1.141037207.46.107.1491863TCPpcapanalyzer
83
2005-07-16T07:29:32.065625-07001232509048645258flow220.175.8.564509680.171.48.11027UDPpcapanalyzer
84
2005-07-16T07:29:32.065625-07002079065740782284flow192.168.1.141208207.46.108.831863TCPpcapanalyzer
85
2005-07-16T07:29:32.065625-0700255507124346372flow70.85.177.1863695880.171.48.11027UDPpcapanalyzer
86
2005-07-16T07:29:32.065625-07001538453982804335flow192.168.1.141220207.46.108.1501863TCPpcapanalyzer
87
2005-07-16T07:29:32.065625-07001399397892354895flow192.168.1.141176207.46.108.391863TCPpcapanalyzer
88
2005-07-16T07:29:32.065625-07001265631896675911flow61.239.151.1292671380.171.48.11026UDPpcapanalyzer
89
2006-08-25T12:31:20.388422-0700707220485606888flow81.131.67.131167783.53.165.2356346TCPpcapanalyzer
90
2006-08-25T12:31:20.388422-07001701681508157976flow81.131.67.1314173062.34.123.2446346UDPpcapanalyzer
91
2006-08-25T12:31:20.388422-07001567966291839101flow67.111.163.612148581.131.67.1311026UDPpcapanalyzer
92
2006-08-25T12:31:20.388422-07001711753206432810flow81.131.67.13141730213.189.168.2066346UDPpcapanalyzer
93
2006-08-25T12:31:20.388422-07001854468528252679flow172.201.93.149198381.131.67.13141170UDPpcapanalyzer
94
2006-08-25T12:31:20.388422-070047519951693033flow81.131.67.1314173083.116.155.576346UDPpcapanalyzer
95
2006-08-25T12:31:20.388422-07001318095831772936flow81.131.67.1314173065.43.223.206346UDPpcapanalyzer
96
2006-08-25T12:31:20.388422-07001605076955871092flow213.19.160.1908081.131.67.1312810TCPpcapanalyzer
97
2006-08-25T12:31:20.388422-070057310329543998flow81.131.67.1314173082.171.96.1796346UDPpcapanalyzer
98
2006-08-25T12:31:20.388422-07001758997847071303flow81.131.67.1314173084.97.114.1266347UDPpcapanalyzer
99
2006-08-25T12:31:20.388422-0700916215741945680flow81.131.67.1314173080.185.105.196346UDPpcapanalyzer
100
2006-08-25T12:31:20.388422-07002047632534176713flow81.131.67.13141730139.55.21.3563346UDPpcapanalyzer
File 670
Showing 21-40 of 670 items.
# | Timestamp | Source | Destination | File Name | File Magic | File Size
21 | 2005-01-14T09:58:07.711059-0800 | 200.57.7.194 | 200.57.7.204 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 5560
22 | 2005-01-14T09:58:07.845409-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157
23 | 2005-01-14T09:58:10.910334-0800 | 200.57.7.204 | 200.57.7.194 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 292
24 | 2005-01-14T09:58:10.916214-0800 | 200.57.7.194 | 200.57.7.204 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 4748
25 | 2005-01-14T09:58:11.055661-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157
26 | 2005-01-14T09:58:16.112626-0800 | 200.57.7.204 | 200.57.7.194 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 292
27 | 2005-01-14T09:58:16.116227-0800 | 200.57.7.194 | 200.57.7.204 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 4748
28 | 2005-01-14T09:58:16.272325-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157
29 | 2005-01-14T09:58:16.071665-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157
30 | 2005-01-14T09:58:21.273434-0800 | 200.57.7.204 | 200.57.7.194 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 292
31 | 2005-01-14T09:58:21.314567-0800 | 200.57.7.194 | 200.57.7.204 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 4748
32 | 2005-01-14T09:58:21.327794-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157
33 | 2005-01-14T09:58:21.288394-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157
34 | 2005-01-14T09:58:26.500827-0800 | 200.57.7.204 | 200.57.7.194 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 292
35 | 2005-01-14T09:58:26.505108-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157
36 | 2005-01-14T09:58:26.520837-0800 | 200.57.7.194 | 200.57.7.204 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 4748
37 | 2005-01-14T09:58:26.705737-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157
38 | 2005-01-14T09:58:36.838213-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157
39 | 2005-01-14T09:58:31.713280-0800 | 200.57.7.204 | 200.57.7.194 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 292
40 | 2005-01-14T09:58:31.716990-0800 | 200.57.7.194 | 200.57.7.204 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 4748

Comments: (not set)
