merged.pcap

MD5: 1cd1ea56484846142e58015720fa6d34
Submission Date: 2021-11-22 18:29:01
Tags: (not set)
Alert 35
Showing 1-20 of 35 items.
| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|---|---|---|---|---|
| 1 | 2005-01-14T09:58:08.905094-0800 | 200.57.7.205 | 10.52.10.15 | GPL SNMP public access udp | * |
| 2 | 2005-01-14T09:58:14.907941-0800 | 200.57.7.205 | 10.52.10.15 | GPL SNMP public access udp | * |
| 3 | 2005-01-14T09:58:20.913970-0800 | 200.57.7.205 | 10.52.10.15 | GPL SNMP public access udp | * |
| 4 | 2005-05-06T02:42:14.364705-0700 | 192.168.1.14 | 207.46.108.59 | GPL CHAT MSN user search | * |
| 5 | 2005-05-06T02:43:13.717249-0700 | 192.168.1.14 | 207.46.108.59 | GPL CHAT MSN user search | * |
| 6 | 2006-08-25T12:36:08.782873-0700 | 192.168.1.2 | 212.72.49.131 | ET CHAT Skype VOIP Checking Version (Startup) | * |
| 7 | 2006-08-25T12:32:21.808007-0700 | 192.168.1.2 | 212.72.49.131 | ET CHAT Skype VOIP Checking Version (Startup) | * |
| 8 | 2006-08-25T12:34:05.096863-0700 | 192.168.1.2 | 69.114.183.8 | ET P2P Kazaa over UDP | * |
| 9 | 2011-09-23T13:11:59.760293-0700 | 172.16.0.2 | 66.147.240.170 | ET POLICY HTTP POST contains pass= in cleartext | * |
| 10 | 2011-09-23T13:11:59.760432-0700 | 192.168.43.244 | 66.147.240.170 | ET POLICY HTTP POST contains pass= in cleartext | * |
| 11 | 2017-07-02T15:20:34.110081-0700 | 192.168.0.106 | 255.255.255.255 | ET POLICY Dropbox Client Broadcasting | * |
| 12 | 2017-07-02T15:20:24.944089-0700 | 192.168.0.106 | 109.173.11.109 | ET P2P BitTorrent DHT ping request | * |
| 13 | 2018-08-13T06:34:37.241599-0700 | 10.21.1.45 | 46.10.22.5 | ET P2P BitTorrent DHT ping request | * |
| 14 | 2018-08-13T06:34:57.053088-0700 | 10.21.1.45 | 172.217.30.110 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 15 | 2018-08-13T06:55:42.881285-0700 | 10.21.1.88 | 216.58.202.14 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 16 | 2018-08-13T06:55:43.231299-0700 | 10.21.1.88 | 172.217.29.132 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 17 | 2018-08-13T06:55:47.291301-0700 | 10.21.1.88 | 110.52.23.134 | ET P2P BitTorrent DHT ping request | * |
| 18 | 2018-08-13T06:34:36.788379-0700 | 10.21.1.45 | 172.217.30.110 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 19 | 2018-08-13T06:56:03.244116-0700 | 10.21.1.88 | 172.217.29.142 | ET POLICY Python-urllib/ Suspicious User Agent | * |
| 20 | 2018-08-13T06:34:37.049607-0700 | 10.21.1.45 | 172.217.30.100 | ET POLICY Python-urllib/ Suspicious User Agent | * |
DNS 1374
Showing 1-20 of 1,374 items.
| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2005-07-16T07:29:32.596875-0700 | 81.131.67.131 | 213.120.62.99 | query | ftp.ipv6.uni-leipzig.de | AAAA | (not set) |
| 2 | 2005-07-16T07:29:33.596875-0700 | 81.131.67.131 | 213.120.62.99 | query | ftp.ipv6.uni-leipzig.de | AAAA | (not set) |
| 3 | 2005-07-16T07:29:34.596875-0700 | 81.131.67.131 | 213.120.62.99 | query | ftp.ipv6.uni-leipzig.de | AAAA | (not set) |
| 4 | 2005-07-16T07:29:34.753125-0700 | 213.120.62.99 | 81.131.67.131 | answer | ftp.ipv6.uni-leipzig.de | AAAA | (not set) |
| 5 | 2005-07-16T07:29:36.441602-0700 | 213.120.62.99 | 81.131.67.131 | answer | ftp.ipv6.uni-leipzig.de | AAAA | (not set) |
| 6 | 2005-07-16T07:29:37.271680-0700 | 213.120.62.99 | 81.131.67.131 | answer | ftp.ipv6.uni-leipzig.de | AAAA | (not set) |
| 7 | 2006-08-25T12:32:21.664799-0700 | 192.168.1.2 | 192.168.1.1 | query | ui.skype.com | A | (not set) |
| 8 | 2006-08-25T12:32:21.664914-0700 | 192.168.1.2 | 192.168.1.1 | query | ui.skype.com | AAAA | (not set) |
| 9 | 2006-08-25T12:32:21.698599-0700 | 192.168.1.1 | 192.168.1.2 | answer | ui.skype.com | A | (not set) |
| 10 | 2006-08-25T12:32:23.172938-0700 | 192.168.1.2 | 192.168.1.1 | query | ui.skype.com | AAAA | (not set) |
| 11 | 2006-08-25T12:32:23.994435-0700 | 192.168.1.1 | 192.168.1.2 | answer | ui.skype.com | AAAA | (not set) |
| 12 | 2006-08-25T12:32:24.673656-0700 | 192.168.1.2 | 192.168.1.1 | query | ui.skype.com | AAAA | (not set) |
| 13 | 2006-08-25T12:32:25.009057-0700 | 192.168.1.1 | 192.168.1.2 | answer | ui.skype.com | AAAA | (not set) |
| 14 | 2006-08-25T12:32:26.174411-0700 | 192.168.1.2 | 192.168.1.1 | query | ui.skype.com | AAAA | (not set) |
| 15 | 2006-08-25T12:32:26.663468-0700 | 192.168.1.1 | 192.168.1.2 | answer | ui.skype.com | AAAA | (not set) |
| 16 | 2006-08-25T12:32:26.663826-0700 | 192.168.1.2 | 192.168.1.1 | query | ui.skype.com | AAAA | (not set) |
| 17 | 2006-08-25T12:32:27.152203-0700 | 192.168.1.1 | 192.168.1.2 | answer | ui.skype.com | AAAA | (not set) |
| 18 | 2006-08-25T12:31:06.890652-0700 | 192.168.1.2 | 192.168.1.1 | query | 2.1.168.192.in-addr.arpa | PTR | (not set) |
| 19 | 2006-08-25T12:31:06.890808-0700 | 192.168.1.2 | 192.168.1.1 | query | 114.214.204.212.in-addr.arpa | PTR | (not set) |
| 20 | 2006-08-25T12:31:06.924944-0700 | 192.168.1.1 | 192.168.1.2 | answer | 2.1.168.192.in-addr.arpa | PTR | (not set) |
TLS 64
Showing 61-64 of 64 items.
| # | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication |
|---|---|---|---|---|---|
| 61 | 2018-08-20T11:10:04.838532-0700 | 10.21.1.98 | 216.58.202.110 | TLS 1.2 | translate.google.com |
| 62 | 2018-08-20T11:10:11.322510-0700 | 10.21.1.98 | 54.191.46.28 | TLS 1.2 | shavar.services.mozilla.com |
| 63 | 2018-08-20T11:10:14.518339-0700 | 10.21.1.98 | 138.201.253.3 | TLS 1.2 | crvtck.com |
| 64 | 2018-08-20T11:10:13.002996-0700 | 10.21.1.98 | 144.76.96.212 | TLS 1.2 | stat.s3blog.org |
TFTP 1
Showing 1-1 of 1 item.
| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|---|---|---|---|---|---|
| 1 | 2013-05-01T05:24:11.972852-0700 | 192.168.0.253 | 192.168.0.10 | read | rfc1350.txt | octet |
HTTP 670
Showing 141-160 of 670 items.
| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 141 | 2011-09-23T13:12:09.594375-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/turba/themes/bluewhite/screen.css | 200 |
| 142 | 2011-09-23T13:12:09.612966-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/js/popup.js | 200 |
| 143 | 2011-09-23T13:12:10.208105-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/themes/graphics/horde.png | 200 |
| 144 | 2011-09-23T13:12:10.208164-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/imp/themes/graphics/imp.png | 200 |
| 145 | 2011-09-23T13:12:10.208215-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/dimp/themes/graphics/dimp.png | 200 |
| 146 | 2011-09-23T13:12:10.211495-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/mimp/themes/graphics/mimp.png | 200 |
| 147 | 2011-09-23T13:12:09.181431-0700 | 172.16.0.2 | www.epoca2011.org | 2095 | GET | /horde/nag/themes/bluewhite/screen.css | 200 |
| 148 | 2011-09-23T13:12:10.822553-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/mnemo/themes/graphics/mnemo.png | 200 |
| 149 | 2011-09-23T13:12:09.181552-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/nag/themes/bluewhite/screen.css | 200 |
| 150 | 2011-09-23T13:12:10.824275-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/nag/themes/graphics/nag.png | 200 |
| 151 | 2011-09-23T13:12:10.825329-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/turba/themes/graphics/turba.png | 200 |
| 152 | 2011-09-23T13:12:09.592855-0700 | 172.16.0.2 | www.epoca2011.org | 2095 | GET | /horde/mnemo/themes/screen.css | 200 |
| 153 | 2011-09-23T13:12:10.825890-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/themes/graphics/prefs.png | 200 |
| 154 | 2011-09-23T13:12:09.592988-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/mnemo/themes/screen.css | 200 |
| 155 | 2011-09-23T13:12:11.436381-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/themes/graphics/edit.png | 200 |
| 156 | 2011-09-23T13:12:11.436278-0700 | 172.16.0.2 | www.epoca2011.org | 2095 | GET | /horde/themes/graphics/show_panel.png | 200 |
| 157 | 2011-09-23T13:12:11.436439-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/themes/graphics/show_panel.png | 200 |
| 158 | 2011-09-23T13:12:09.593847-0700 | 172.16.0.2 | www.epoca2011.org | 2095 | GET | /horde/mnemo/themes/bluewhite/screen.css | 200 |
| 159 | 2011-09-23T13:12:11.438538-0700 | 172.16.0.2 | www.epoca2011.org | 2095 | GET | /horde/themes/graphics/tree/blank.png | 200 |
| 160 | 2011-09-23T13:12:11.437594-0700 | 192.168.43.244 | www.epoca2011.org | 2095 | GET | /horde/imp/themes/graphics/newmail.png | 200 |
SMB 0
| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
No results found.
SMTP 5
Showing 1-5 of 5 items.
| # | Timestamp | Source | Destination | Email From | Email To | Subject |
|---|---|---|---|---|---|---|
| 1 | 2013-08-22T12:17:56.649185-0700 | 192.168.0.4 | 212.227.15.167 | DI <digitalinvestigator@networksims.com> | w.buchanan@napier.ac.uk | Testing |
| 2 | 2014-01-06T13:20:26.759146-0800 | 192.168.47.171 | 192.168.47.134 | "Bill" <w.buchanan@napier.ac.uk> | <test@home.com> | Test |
| 3 | 2015-12-29T11:13:51.630178-0800 | 172.16.16.221 | 172.16.16.231 | Chris Sanders <sanders@skynet.local> | Chris Sanders <sanders@cyberdyne.local> | Help! |
| 4 | 2015-12-29T11:14:08.908722-0800 | 172.16.16.225 | 172.16.16.221 | Chris Sanders <sanders@skynet.local> | Chris Sanders <sanders@cyberdyne.local> | Help! |
| 5 | 2017-07-02T15:20:34.040092-0700 | 172.16.16.225 | 172.16.16.221 | (not set) | (not set) | (not set) |
Flow 1143
Showing 61-80 of 1,143 items.
#
TimestampFlow IdEvent TypeSourceSource PortDestinationDestination PortProtocolHost
61
2005-07-16T07:29:32.065625-07002091496738831672flow200.57.7.1955060200.57.7.2045061UDPpcapanalyzer
62
2005-07-16T07:29:32.065625-07001247746119159147flow200.57.7.19640378200.57.7.1994800UDPpcapanalyzer
63
2005-07-16T07:29:32.065625-0700263857158282487flow200.57.7.2044235200.57.7.19480TCPpcapanalyzer
64
2005-07-16T07:29:32.065625-07002093566913470292flow200.57.7.2044414200.57.7.19480TCPpcapanalyzer
65
2005-07-16T07:29:32.065625-07001249857095278258flow200.57.7.2044561200.57.7.19480TCPpcapanalyzer
66
2005-07-16T07:29:32.065625-07001813191449187165flow200.57.7.2044571200.57.7.19480TCPpcapanalyzer
67
2005-07-16T07:29:32.065625-07002235580007112261flow200.57.7.2044355200.57.7.19480TCPpcapanalyzer
68
2005-07-16T07:29:32.065625-0700829130689091766flow200.57.7.2044566200.57.7.19480TCPpcapanalyzer
69
2005-07-16T07:29:32.065625-07001814632409911174flow200.57.7.205102610.52.10.15161UDPpcapanalyzer
70
2005-07-16T07:29:32.065625-0700269906620847428flow200.57.7.2044572200.57.7.19480TCPpcapanalyzer
71
2005-07-16T07:29:32.065625-0700975067236556623flow200.57.7.2053603216.155.193.1315050TCPpcapanalyzer
72
2005-07-16T07:29:32.065625-0700976798106723970flow200.57.7.204455464.69.76.2113840TCPpcapanalyzer
73
2005-07-16T07:29:32.065625-07001258960278721049flow200.57.7.19640379200.57.7.1994801UDPpcapanalyzer
74
2005-07-16T07:29:32.065625-0700418679991809612flow200.57.7.2044564200.57.7.19480TCPpcapanalyzer
75
2005-07-16T07:29:32.065625-0700843759347621782flow200.57.7.2044421200.57.7.19480TCPpcapanalyzer
76
2005-07-16T07:29:32.065625-0700281183056434475flow200.57.7.2022427200.57.7.1952427UDPpcapanalyzer
77
2005-07-16T07:29:32.065625-0700572359710070257flow222.136.251.1173457880.171.48.11026UDPpcapanalyzer
78
2005-07-16T07:29:32.065625-07002020737982686961flow192.168.1.141217207.46.108.411863TCPpcapanalyzer
79
2005-07-16T07:29:32.065625-0700346895438469662flow70.85.177.1863695880.171.48.11026UDPpcapanalyzer
80
2005-07-16T07:29:32.065625-07001615809129732567flow222.136.251.1173457880.171.48.11027UDPpcapanalyzer
File 670
Showing 1-20 of 670 items.
| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2005-01-14T09:58:07.321966-0800 | 200.57.7.204 | 200.57.7.194 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 160 |
| 2 | 2005-01-14T09:58:05.638272-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157 |
| 3 | 2005-01-14T09:58:07.444067-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157 |
| 4 | 2005-01-14T09:58:07.444203-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157 |
| 5 | 2005-01-14T09:58:07.754777-0800 | 200.57.7.204 | 200.57.7.194 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 199 |
| 6 | 2005-01-14T09:58:05.679991-0800 | 200.57.7.204 | 200.57.7.194 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 292 |
| 7 | 2005-01-14T09:58:07.324482-0800 | 200.57.7.194 | 200.57.7.204 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 1147 |
| 8 | 2005-01-14T09:58:07.756923-0800 | 200.57.7.194 | 200.57.7.204 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 382 |
| 9 | 2005-01-14T09:58:07.945685-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157 |
| 10 | 2005-01-14T09:58:07.945728-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157 |
| 11 | 2005-01-14T09:58:07.945874-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157 |
| 12 | 2005-01-14T09:58:07.444128-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157 |
| 13 | 2005-01-14T09:58:05.712327-0800 | 200.57.7.194 | 200.57.7.204 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 4748 |
| 14 | 2005-01-14T09:58:07.828071-0800 | 200.57.7.204 | 200.57.7.194 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 160 |
| 15 | 2005-01-14T09:58:07.830220-0800 | 200.57.7.194 | 200.57.7.204 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 1147 |
| 16 | 2005-01-14T09:58:07.845352-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157 |
| 17 | 2005-01-14T09:58:05.838948-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157 |
| 18 | 2005-01-14T09:58:07.945802-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157 |
| 19 | 2005-01-14T09:58:10.854970-0800 | 200.57.7.194 | 200.57.7.204 | /cems/META-INF/services/javax.xml.parsers.SAXParserFactory | HTML document, ASCII text | 1157 |
| 20 | 2005-01-14T09:58:07.490456-0800 | 200.57.7.204 | 200.57.7.194 | /cems/applets/serviceRouter | XML 1.0 document, ASCII text, with CRLF, LF line terminators | 160 |

Comments: (not set)