merged.pcap

MD5: 1cd1ea56484846142e58015720fa6d34
Submission Date: 2021-11-22 18:29:01
Tags: (not set)

Alert 35
Showing 21-35 of 35 items.

| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|-----------|--------|---------|-----------------|---|
| 21 | 2018-08-20T11:10:00.968301-0700 | 10.21.1.98 | 216.58.202.100 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 22 | 2018-08-20T11:10:01.427558-0700 | 10.21.1.98 | 76.170.101.26 | ET P2P BitTorrent DHT ping request | * |
| 23 | 2018-08-13T06:34:57.370487-0700 | 10.21.1.45 | 172.217.30.100 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 24 | 2018-08-20T11:10:10.799502-0700 | 10.21.1.98 | 216.58.202.110 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 25 | 2018-08-20T11:10:10.924986-0700 | 10.21.1.98 | 216.58.202.100 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 26 | 2018-08-13T06:34:47.053524-0700 | 10.21.1.45 | 172.217.30.110 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 27 | 2018-08-13T06:34:47.251858-0700 | 10.21.1.45 | 172.217.30.100 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 28 | 2018-08-13T06:55:53.408481-0700 | 10.21.1.88 | 216.58.202.132 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 29 | 2018-08-13T06:56:13.448245-0700 | 10.21.1.88 | 172.217.29.206 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 30 | 2018-08-20T11:10:00.790323-0700 | 10.21.1.98 | 216.58.202.110 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 31 | 2018-08-13T06:55:53.053898-0700 | 10.21.1.88 | 172.217.29.142 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 32 | 2018-08-13T06:56:03.600076-0700 | 10.21.1.88 | 216.58.202.132 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 33 | 2018-08-20T11:10:20.805078-0700 | 10.21.1.98 | 216.58.202.110 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 34 | 2018-08-13T06:56:13.834757-0700 | 10.21.1.88 | 172.217.30.100 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 35 | 2018-08-20T11:10:20.936296-0700 | 10.21.1.98 | 216.58.202.100 | ET POLICY Python-urllib/ Suspicious User Agent | * |

DNS 1374
Showing 1-20 of 1,374 items.

| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|-----------|--------|---------|----------|----------------------|----------------------|---------------|
| 1 | 2005-07-16T07:29:32.596875-0700 | 81.131.67.131 | 213.120.62.99 | query | ftp.ipv6.uni-leipzig.de | AAAA | (not set) |
| 2 | 2005-07-16T07:29:33.596875-0700 | 81.131.67.131 | 213.120.62.99 | query | ftp.ipv6.uni-leipzig.de | AAAA | (not set) |
| 3 | 2005-07-16T07:29:34.596875-0700 | 81.131.67.131 | 213.120.62.99 | query | ftp.ipv6.uni-leipzig.de | AAAA | (not set) |
| 4 | 2005-07-16T07:29:34.753125-0700 | 213.120.62.99 | 81.131.67.131 | answer | ftp.ipv6.uni-leipzig.de | AAAA | (not set) |
| 5 | 2005-07-16T07:29:36.441602-0700 | 213.120.62.99 | 81.131.67.131 | answer | ftp.ipv6.uni-leipzig.de | AAAA | (not set) |
| 6 | 2005-07-16T07:29:37.271680-0700 | 213.120.62.99 | 81.131.67.131 | answer | ftp.ipv6.uni-leipzig.de | AAAA | (not set) |
| 7 | 2006-08-25T12:32:21.664799-0700 | 192.168.1.2 | 192.168.1.1 | query | ui.skype.com | A | (not set) |
| 8 | 2006-08-25T12:32:21.664914-0700 | 192.168.1.2 | 192.168.1.1 | query | ui.skype.com | AAAA | (not set) |
| 9 | 2006-08-25T12:32:21.698599-0700 | 192.168.1.1 | 192.168.1.2 | answer | ui.skype.com | A | (not set) |
| 10 | 2006-08-25T12:32:23.172938-0700 | 192.168.1.2 | 192.168.1.1 | query | ui.skype.com | AAAA | (not set) |
| 11 | 2006-08-25T12:32:23.994435-0700 | 192.168.1.1 | 192.168.1.2 | answer | ui.skype.com | AAAA | (not set) |
| 12 | 2006-08-25T12:32:24.673656-0700 | 192.168.1.2 | 192.168.1.1 | query | ui.skype.com | AAAA | (not set) |
| 13 | 2006-08-25T12:32:25.009057-0700 | 192.168.1.1 | 192.168.1.2 | answer | ui.skype.com | AAAA | (not set) |
| 14 | 2006-08-25T12:32:26.174411-0700 | 192.168.1.2 | 192.168.1.1 | query | ui.skype.com | AAAA | (not set) |
| 15 | 2006-08-25T12:32:26.663468-0700 | 192.168.1.1 | 192.168.1.2 | answer | ui.skype.com | AAAA | (not set) |
| 16 | 2006-08-25T12:32:26.663826-0700 | 192.168.1.2 | 192.168.1.1 | query | ui.skype.com | AAAA | (not set) |
| 17 | 2006-08-25T12:32:27.152203-0700 | 192.168.1.1 | 192.168.1.2 | answer | ui.skype.com | AAAA | (not set) |
| 18 | 2006-08-25T12:31:06.890652-0700 | 192.168.1.2 | 192.168.1.1 | query | 2.1.168.192.in-addr.arpa | PTR | (not set) |
| 19 | 2006-08-25T12:31:06.890808-0700 | 192.168.1.2 | 192.168.1.1 | query | 114.214.204.212.in-addr.arpa | PTR | (not set) |
| 20 | 2006-08-25T12:31:06.924944-0700 | 192.168.1.1 | 192.168.1.2 | answer | 2.1.168.192.in-addr.arpa | PTR | (not set) |

TLS 64
Showing 1-20 of 64 items.

| # | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication |
|---|-----------|-----------|----------------|-------------|------------------------|
| 1 | 2017-07-02T15:20:34.279553-0700 | 192.168.0.106 | 35.160.100.86 | TLS 1.2 | addons.mozilla.org |
| 2 | 2017-07-02T15:20:33.559648-0700 | 192.168.0.106 | 35.160.100.86 | TLS 1.2 | addons.mozilla.org |
| 3 | 2017-07-02T15:20:36.867925-0700 | 192.168.0.106 | 54.187.128.85 | TLS 1.2 | oauth.accounts.firefox.com |
| 4 | 2017-07-02T15:20:34.387320-0700 | 192.168.0.106 | 35.160.100.86 | TLS 1.2 | addons.mozilla.org |
| 5 | 2017-07-02T15:20:35.427278-0700 | 192.168.0.106 | 172.217.29.238 | TLS 1.2 | translate.google.com |
| 6 | 2017-07-02T15:20:35.630035-0700 | 192.168.0.106 | 54.187.128.85 | TLS 1.2 | oauth.accounts.firefox.com |
| 7 | 2017-07-02T15:20:37.615894-0700 | 192.168.0.106 | 54.192.226.174 | TLS 1.2 | snippets.cdn.mozilla.net |
| 8 | 2017-07-02T15:20:37.624410-0700 | 192.168.0.106 | 54.69.106.30 | TLS 1.2 | accounts.firefox.com |
| 9 | 2017-07-02T15:20:38.535015-0700 | 192.168.0.106 | 52.17.122.61 | TLS 1.2 | location.services.mozilla.com |
| 10 | 2017-07-02T15:20:37.411042-0700 | 192.168.0.106 | 172.217.29.100 | TLS 1.2 | www.google.com |
| 11 | 2017-07-02T15:20:37.605273-0700 | 192.168.0.106 | 54.192.226.174 | TLS 1.2 | snippets.cdn.mozilla.net |
| 12 | 2017-07-02T15:20:40.202010-0700 | 192.168.0.106 | 35.160.100.86 | TLS 1.2 | addons.mozilla.org |
| 13 | 2017-07-02T15:20:41.271164-0700 | 192.168.0.106 | 52.39.237.157 | TLS 1.2 | self-repair.mozilla.org |
| 14 | 2017-07-02T15:20:38.534966-0700 | 192.168.0.106 | 54.69.106.30 | TLS 1.2 | accounts.firefox.com |
| 15 | 2017-07-02T15:20:41.836615-0700 | 192.168.0.106 | 54.192.227.96 | TLS 1.2 | normandy-cloudfront.cdn.mozilla.net |
| 16 | 2017-07-02T15:21:03.457984-0700 | 192.168.0.106 | 216.58.222.42 | TLS 1.2 | translate.googleapis.com |
| 17 | 2017-07-02T15:21:04.527394-0700 | 192.168.0.106 | 172.217.29.99 | TLS 1.2 | www.gstatic.com |
| 18 | 2017-07-02T15:21:19.971634-0700 | 192.168.0.106 | 172.217.29.110 | TLS 1.2 | sb-ssl.google.com |
| 19 | 2017-07-02T15:21:03.143734-0700 | 192.168.0.106 | 216.58.222.42 | TLS 1.2 | translate.googleapis.com |
| 20 | 2017-07-02T15:21:03.376975-0700 | 192.168.0.106 | 216.58.222.42 | TLS 1.2 | translate.googleapis.com |

TFTP 1
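Showing 1-1 of 1 item.

| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|-----------|--------|---------|-------------|-----------|-----------|
| 1 | 2013-05-01T05:24:11.972852-0700 | 192.168.0.253 | 192.168.0.10 | read | rfc1350.txt | octet |
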
HTTP 670
Showing 121-140 of 670 items.

| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|-----------|--------|----------|------|--------|-----|--------|
| 121 | 2011-09-23T13:12:08.057382-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/login.php?frameset_loaded=1 | 200 |
| 122 | 2011-09-23T13:12:08.057514-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/services/javascript.php?file=tree.js&app=horde | 200 |
| 123 | 2011-09-23T13:12:08.669845-0700 | 172.16.0.2 | www.epoca2011.org | 2095 | GET | /horde/imp/themes/screen.css | 200 |
| 124 | 2011-09-23T13:12:09.594238-0700 | 172.16.0.2 | www.epoca2011.org | 2095 | GET | /horde/turba/themes/screen.css | 200 |
| 125 | 2011-09-23T13:12:09.010240-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/kronolith/themes/screen.css | 200 |
| 126 | 2011-09-23T13:12:08.669986-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/imp/themes/screen.css | 200 |
| 127 | 2011-09-23T13:12:09.612845-0700 | 172.16.0.2 | www.epoca2011.org | 2095 | GET | /horde/js/popup.js | 200 |
| 128 | 2011-09-23T13:12:09.019992-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/kronolith/themes/bluewhite/screen.css | 200 |
| 129 | 2011-09-23T13:12:08.976589-0700 | 172.16.0.2 | www.epoca2011.org | 2095 | GET | /horde/imp/themes/bluewhite/screen.css | 200 |
| 130 | 2011-09-23T13:12:10.207982-0700 | 172.16.0.2 | www.epoca2011.org | 2095 | GET | /horde/imp/themes/graphics/imp.png | 200 |
| 131 | 2011-09-23T13:12:09.070739-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/ingo/themes/screen.css | 200 |
| 132 | 2011-09-23T13:12:08.976734-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/imp/themes/bluewhite/screen.css | 200 |
| 133 | 2011-09-23T13:12:09.131542-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/nag/themes/screen.css | 200 |
| 134 | 2011-09-23T13:12:09.010112-0700 | 172.16.0.2 | www.epoca2011.org | 2095 | GET | /horde/kronolith/themes/screen.css | 200 |
| 135 | 2011-09-23T13:12:10.211389-0700 | 172.16.0.2 | www.epoca2011.org | 2095 | GET | /horde/mimp/themes/graphics/mimp.png | 200 |
| 136 | 2011-09-23T13:12:09.594200-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/mnemo/themes/bluewhite/screen.css | 200 |
| 137 | 2011-09-23T13:12:10.824160-0700 | 172.16.0.2 | www.epoca2011.org | 2095 | GET | /horde/nag/themes/graphics/nag.png | 200 |
| 138 | 2011-09-23T13:12:09.070603-0700 | 172.16.0.2 | www.epoca2011.org | 2095 | GET | /horde/ingo/themes/screen.css | 200 |
| 139 | 2011-09-23T13:12:09.594322-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/turba/themes/screen.css | 200 |
| 140 | 2011-09-23T13:12:10.825773-0700 | 172.16.0.2 | www.epoca2011.org | 2095 | GET | /horde/themes/graphics/prefs.png | 200 |

SMB 0
#
TimestampSrc IpDest IpSMB DialectCommandSessionTree
No results found.
SMTP 5
Showing 1-5 of 5 items.
#
TimestampSourceDestinationEmail FromEmail ToSubject
1
2013-08-22T12:17:56.649185-0700192.168.0.4212.227.15.167DI <digitalinvestigator@networksims.com>w.buchanan@napier.ac.ukTesting
2
2014-01-06T13:20:26.759146-0800192.168.47.171192.168.47.134"Bill" <w.buchanan@napier.ac.uk><test@home.com>Test
3
2015-12-29T11:13:51.630178-0800172.16.16.221172.16.16.231Chris Sanders <sanders@skynet.local>Chris Sanders <sanders@cyberdyne.local>Help!
4
2015-12-29T11:14:08.908722-0800172.16.16.225172.16.16.221Chris Sanders <sanders@skynet.local>Chris Sanders <sanders@cyberdyne.local>Help!
5
2017-07-02T15:20:34.040092-0700172.16.16.225172.16.16.221(not set)(not set)(not set)
Flow 1143
Showing 1-20 of 1,143 items.
#
TimestampFlow IdEvent TypeSourceSource PortDestinationDestination PortProtocolHost
1
2002-07-25T23:19:03.543641-070047072469784406flow10.1.3.143500010.1.6.182006UDPpcapanalyzer
2
2005-01-14T09:58:05.638272-0800161030837428135flow10.1.6.18200710.1.3.1435001UDPpcapanalyzer
3
2005-01-14T09:58:05.638272-080047072469838750flow10.1.6.18200610.1.3.1435000UDPpcapanalyzer
4
2005-01-14T09:58:05.638272-08001672288094489009flow10.1.3.1433280310.1.6.181720TCPpcapanalyzer
5
2005-01-14T09:58:05.638272-08002108609527171034flow10.1.3.1433280410.1.6.181232TCPpcapanalyzer
6
2005-07-16T07:29:32.065625-0700140879359696387flow200.57.7.2044338200.57.7.19480TCPpcapanalyzer
7
2005-07-16T07:29:32.065625-07002113396778721426flow200.57.7.20230000200.57.7.19640362UDPpcapanalyzer
8
2005-07-16T07:29:32.065625-0700990073852147903flow200.57.7.2044573200.57.7.19480TCPpcapanalyzer
9
2005-07-16T07:29:32.065625-07001694087709946134flow200.57.7.1972428200.57.7.1992424UDPpcapanalyzer
10
2005-07-16T07:29:32.065625-07001413372943574856flow200.57.7.2054314200.73.183.213110TCPpcapanalyzer
11
2005-07-16T07:29:32.065625-0700991209869738086flow200.57.7.2044558200.57.7.19480TCPpcapanalyzer
12
2005-07-16T07:29:32.065625-07001977435293762074flow200.57.7.2041047207.46.107.1651863TCPpcapanalyzer
13
2005-07-16T07:29:32.065625-0700713703442857994flow200.57.7.2044565200.57.7.19480TCPpcapanalyzer
14
2005-07-16T07:29:32.065625-070016550794046159flow200.57.7.1952427200.57.7.2029693UDPpcapanalyzer
15
2005-07-16T07:29:32.065625-070016576563584556flow200.57.7.2044559200.57.7.19480TCPpcapanalyzer
16
2005-07-16T07:29:32.065625-07002133007598353108flow200.57.7.19523200.57.7.2053432TCPpcapanalyzer
17
2005-07-16T07:29:32.065625-07001571421296763843flow200.57.7.2044563200.57.7.19480TCPpcapanalyzer
18
2005-07-16T07:29:32.065625-07001011138518113258flow200.57.7.2044218200.57.7.19480TCPpcapanalyzer
19
2005-07-16T07:29:32.065625-07001856065959173428flow200.57.7.2044556200.57.7.19480TCPpcapanalyzer
20
2005-07-16T07:29:32.065625-07001293255592435337flow200.57.7.2044372200.57.7.19480TCPpcapanalyzer
File 670
Showing 41-60 of 670 items.
#
TimestampSourceDestinationFile NameFile MagicFile Size
41
2005-01-14T09:58:31.721785-0800200.57.7.194200.57.7.204/cems/META-INF/services/javax.xml.parsers.SAXParserFactoryHTML document, ASCII text1157
42
2005-01-14T09:58:36.860998-0800200.57.7.204200.57.7.194/cems/applets/serviceRouterXML 1.0 document, ASCII text, with CRLF, LF line terminators292
43
2005-01-14T09:58:31.822149-0800200.57.7.194200.57.7.204/cems/META-INF/services/javax.xml.parsers.SAXParserFactoryHTML document, ASCII text1157
44
2005-01-14T09:58:36.920876-0800200.57.7.194200.57.7.204/cems/applets/serviceRouterXML 1.0 document, ASCII text, with CRLF, LF line terminators4748
45
2005-01-14T09:58:37.038854-0800200.57.7.194200.57.7.204/cems/META-INF/services/javax.xml.parsers.SAXParserFactoryHTML document, ASCII text1157
46
2005-07-16T07:29:53.644727-0700213.19.160.19081.131.67.131/msdownload/update/v5/psf/windowsxp-sp2-x86fre-usa-2180_056b2b38baf5620be85ddd58141b073bc0b06a1d.psfdata3385
47
2005-07-16T07:31:24.925227-0700213.19.160.19081.131.67.131/msdownload/update/v5/psf/windowsxp-sp2-x86fre-usa-2180_056b2b38baf5620be85ddd58141b073bc0b06a1d.psfdata3349
48
2011-09-23T13:11:33.751015-0700172.16.0.266.147.240.170/login/ASCII text, with no line terminators109
49
2005-07-16T07:31:44.097102-0700213.19.160.19081.131.67.131/msdownload/update/v5/psf/windowsxp-sp2-x86fre-usa-2180_056b2b38baf5620be85ddd58141b073bc0b06a1d.psfdata3349
50
2011-09-23T13:11:33.956561-070066.147.240.170172.16.0.2/login/HTML document, ASCII text153
51
2006-08-25T12:36:08.782873-0700212.72.49.131192.168.1.2/ui/2/1.2.0.18/en/getlatestversionASCII text, with no line terminators7
52
2011-09-23T13:11:37.338468-070066.147.240.170172.16.0.2/webmail/hostmonster/index.htmlHTML document, ASCII text, with very long lines27031
53
2011-09-23T13:11:37.338698-070066.147.240.170192.168.43.244/webmail/hostmonster/index.htmlHTML document, ASCII text, with very long lines27031
54
2011-09-23T13:11:38.870924-070066.147.240.170172.16.0.2/cPanel_magic_revision_1214446472/branding/hostmonster/local.cssASCII text2158
55
2011-09-23T13:11:39.485929-070066.147.240.170192.168.43.244/cPanel_magic_revision_1186002120/webmail/hostmonster/branding/top-logo.pngGIF image data, version 89a, 5 x 545
56
2011-09-23T13:11:39.485791-070066.147.240.170172.16.0.2/cPanel_magic_revision_1186002120/webmail/hostmonster/branding/top-logo.pngGIF image data, version 89a, 5 x 545
57
2011-09-23T13:11:40.304269-070066.147.240.170192.168.43.244/cPanel_magic_revision_1314051899/webmail/hostmonster/css/combined_optimized.cssASCII text, with very long lines, with no line terminators30147
58
2011-09-23T13:11:41.328966-070066.147.240.170192.168.43.244/webmail/x3/images/horde.gifGIF image data, version 89a, 133 x 451579
59
2011-09-23T13:11:45.539099-070066.147.240.170192.168.43.244/cPanel_magic_revision_1181099247/webmail/hostmonster/branding/password.jpgJPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 32x32, frames 31263
60
2011-09-23T13:11:46.555704-070066.147.240.170192.168.43.244/cPanel_magic_revision_1314051927/webmail/hostmonster/js/x3_optimized.jsASCII text, with very long lines, with no line terminators33287

Comments: (not set)
