log.pcap

MD5: 9b28455fde502f8ce8121a98f44fd426
Submission Date: 2019-08-15 14:47:17
Tags: (not set)

Alert 21
Showing 1-20 of 21 items.

| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|---|---|---|---|---|
| 1 | 2019-08-15T13:17:20.285710-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 2 | 2019-08-15T13:18:51.712119-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 3 | 2019-08-15T13:17:35.975750-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 4 | 2019-08-15T13:21:57.870247-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 5 | 2019-08-15T13:22:18.636824-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 6 | 2019-08-15T13:26:19.287980-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 7 | 2019-08-15T13:28:48.040123-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 8 | 2019-08-15T13:30:47.354107-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 9 | 2019-08-15T13:29:44.673630-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 10 | 2019-08-15T13:32:41.180248-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 11 | 2019-08-15T13:36:58.638156-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 12 | 2019-08-15T13:39:00.291451-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 13 | 2019-08-15T13:41:06.882639-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 14 | 2019-08-15T13:43:47.698056-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 15 | 2019-08-15T13:42:16.141386-0700 | 172.31.29.164 | 169.254.169.254 | ET POLICY curl User-Agent Outbound | * |
| 16 | 2019-08-15T13:45:19.995336-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 17 | 2019-08-15T13:45:38.640033-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 18 | 2019-08-15T13:49:20.285729-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 19 | 2019-08-15T13:51:55.369817-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |
| 20 | 2019-08-15T13:53:35.081115-0700 | 192.250.197.246 | 172.31.29.164 | ET SCAN Potential SSH Scan | * |

DNS 28
Showing 1-20 of 28 items.

| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2019-08-15T13:25:12.668639-0700 | 172.31.29.164 | 172.31.0.2 | query | ip-51-83-104.eu | A | (not set) |
| 2 | 2019-08-15T13:25:12.666689-0700 | 172.31.29.164 | 172.31.0.2 | query | 120.104.83.51.in-addr.arpa | PTR | (not set) |
| 3 | 2019-08-15T13:25:12.668498-0700 | 172.31.0.2 | 172.31.29.164 | answer | 120.104.83.51.in-addr.arpa | (not set) | (not set) |
| 4 | 2019-08-15T13:25:12.670413-0700 | 172.31.0.2 | 172.31.29.164 | answer | ip-51-83-104.eu | (not set) | (not set) |
| 5 | 2019-08-15T13:29:33.027831-0700 | 172.31.29.164 | 172.31.0.2 | query | 120.153.47.115.in-addr.arpa | PTR | (not set) |
| 6 | 2019-08-15T13:29:33.029585-0700 | 172.31.0.2 | 172.31.29.164 | answer | 120.153.47.115.in-addr.arpa | (not set) | (not set) |
| 7 | 2019-08-15T13:50:54.591732-0700 | 172.31.29.164 | 172.31.0.2 | query | foograde.cbhujo2qzopt.us-east-1.rds.amazonaws.com | A | (not set) |
| 8 | 2019-08-15T13:50:54.591751-0700 | 172.31.29.164 | 172.31.0.2 | query | foograde.cbhujo2qzopt.us-east-1.rds.amazonaws.com | AAAA | (not set) |
| 9 | 2019-08-15T13:50:54.592181-0700 | 172.31.0.2 | 172.31.29.164 | answer | foograde.cbhujo2qzopt.us-east-1.rds.amazonaws.com | (not set) | (not set) |
| 10 | 2019-08-15T13:50:54.592201-0700 | 172.31.0.2 | 172.31.29.164 | answer | foograde.cbhujo2qzopt.us-east-1.rds.amazonaws.com | (not set) | (not set) |
| 11 | 2019-08-15T13:50:54.812482-0700 | 172.31.29.164 | 172.31.0.2 | query | foograde.cbhujo2qzopt.us-east-1.rds.amazonaws.com | A | (not set) |
| 12 | 2019-08-15T13:50:54.812502-0700 | 172.31.29.164 | 172.31.0.2 | query | foograde.cbhujo2qzopt.us-east-1.rds.amazonaws.com | AAAA | (not set) |
| 13 | 2019-08-15T13:50:54.812807-0700 | 172.31.0.2 | 172.31.29.164 | answer | foograde.cbhujo2qzopt.us-east-1.rds.amazonaws.com | (not set) | (not set) |
| 14 | 2019-08-15T13:50:54.812826-0700 | 172.31.0.2 | 172.31.29.164 | answer | foograde.cbhujo2qzopt.us-east-1.rds.amazonaws.com | (not set) | (not set) |
| 15 | 2019-08-15T13:50:52.561891-0700 | 172.31.29.164 | 172.31.0.2 | query | foograde.cbhujo2qzopt.us-east-1.rds.amazonaws.com | A | (not set) |
| 16 | 2019-08-15T13:50:52.561910-0700 | 172.31.29.164 | 172.31.0.2 | query | foograde.cbhujo2qzopt.us-east-1.rds.amazonaws.com | AAAA | (not set) |
| 17 | 2019-08-15T13:50:52.575018-0700 | 172.31.0.2 | 172.31.29.164 | answer | foograde.cbhujo2qzopt.us-east-1.rds.amazonaws.com | (not set) | (not set) |
| 18 | 2019-08-15T13:50:52.580166-0700 | 172.31.0.2 | 172.31.29.164 | answer | foograde.cbhujo2qzopt.us-east-1.rds.amazonaws.com | (not set) | (not set) |
| 19 | 2019-08-15T13:50:59.623840-0700 | 172.31.29.164 | 172.31.0.2 | query | foograde.cbhujo2qzopt.us-east-1.rds.amazonaws.com | A | (not set) |
| 20 | 2019-08-15T13:50:59.623860-0700 | 172.31.29.164 | 172.31.0.2 | query | foograde.cbhujo2qzopt.us-east-1.rds.amazonaws.com | AAAA | (not set) |

TLS 0

| # | Timestamp | Source IP | Destination IP | TLS Version | Issuer |
|---|---|---|---|---|---|

No results found.

TFTP 0

| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|---|---|---|---|---|---|

No results found.

HTTP 2
Showing 1-2 of 2 items.

| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 1 | 2019-08-15T13:42:16.141386-0700 | 172.31.29.164 | 169.254.169.254 | 80 | GET | /latest/meta-data/network/interfaces/macs/0e:08:40:15:c2:5d/local-ipv4s | 200 |
| 2 | 2019-08-15T13:44:19.408993-0700 | 176.98.219.121 | 52.3.212.95 | 80 | GET | / | 200 |

SMB 0

| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
|---|---|---|---|---|---|---|---|

No results found.

SMTP 0

| # | Timestamp | Source | Destination | Email From | Email To | Subject |
|---|---|---|---|---|---|---|

No results found.

Flow 2799
Showing 1-20 of 2,799 items.

| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2019-08-15T13:41:36.932561-0700 | 421356656121689 | flow | 172.31.29.164 | 22 | 192.250.197.246 | 36696 | TCP | pcapanalyzer |
| 2 | 2019-08-15T13:41:36.932561-0700 | 845287108181755 | flow | 172.31.29.164 | 22 | 192.250.197.246 | 38138 | TCP | pcapanalyzer |
| 3 | 2019-08-15T13:41:36.932561-0700 | 1268547545136895 | flow | 172.31.29.164 | 80 | 192.250.197.246 | 60945 | TCP | pcapanalyzer |
| 4 | 2019-08-15T13:41:36.932561-0700 | 572204498811647 | flow | 10.10.0.198 | (not set) | 172.31.29.164 | (not set) | ICMP | pcapanalyzer |
| 5 | 2019-08-15T13:41:36.932561-0700 | 1146604834196558 | flow | 172.31.29.164 | 80 | 192.250.197.246 | 54356 | TCP | pcapanalyzer |
| 6 | 2019-08-15T13:41:36.932561-0700 | 1569891041017587 | flow | 172.31.29.164 | 80 | 192.250.197.246 | 44204 | TCP | pcapanalyzer |
| 7 | 2019-08-15T13:41:36.932561-0700 | 891612625367517 | flow | 172.31.29.164 | 80 | 192.250.197.246 | 38622 | TCP | pcapanalyzer |
| 8 | 2019-08-15T13:41:36.932561-0700 | 904549067190725 | flow | 172.31.29.164 | 80 | 192.250.197.246 | 58598 | TCP | pcapanalyzer |
| 9 | 2019-08-15T13:41:36.932561-0700 | 769304841803602 | flow | 172.31.29.164 | 22 | 192.250.197.246 | 55346 | TCP | pcapanalyzer |
| 10 | 2019-08-15T13:41:36.932561-0700 | 630461433835972 | flow | 172.31.29.164 | 22 | 192.250.197.246 | 63954 | TCP | pcapanalyzer |
| 11 | 2019-08-15T13:41:36.932561-0700 | 74967543637127 | flow | 172.31.29.164 | 80 | 192.250.197.246 | 44570 | TCP | pcapanalyzer |
| 12 | 2019-08-15T13:41:36.932561-0700 | 1627100005141569 | flow | 172.31.29.164 | 22 | 192.250.197.246 | 48470 | TCP | pcapanalyzer |
| 13 | 2019-08-15T13:41:36.932561-0700 | 790036648627266 | flow | 172.31.29.164 | 80 | 192.250.197.246 | 50460 | TCP | pcapanalyzer |
| 14 | 2019-08-15T13:41:36.932561-0700 | 1648755230310153 | flow | 172.31.29.164 | 22 | 192.250.197.246 | 33748 | TCP | pcapanalyzer |
| 15 | 2019-08-15T13:41:36.932561-0700 | 1512080781151299 | flow | 172.31.29.164 | 22 | 192.250.197.246 | 65138 | TCP | pcapanalyzer |
| 16 | 2019-08-15T13:41:36.932561-0700 | 1830127404184030 | flow | 172.31.29.164 | 22 | 192.250.197.246 | 46905 | TCP | pcapanalyzer |
| 17 | 2019-08-15T13:41:36.932561-0700 | 1417471241948256 | flow | 172.31.29.164 | 80 | 192.250.197.246 | 48229 | TCP | pcapanalyzer |
| 18 | 2019-08-15T13:41:36.932561-0700 | 576031313431641 | flow | 172.31.29.164 | 22 | 192.250.197.246 | 53882 | TCP | pcapanalyzer |
| 19 | 2019-08-15T13:41:36.932561-0700 | 1847895683787371 | flow | 192.250.197.246 | 58651 | 172.31.29.164 | 22 | TCP | pcapanalyzer |
| 20 | 2019-08-15T13:41:36.932561-0700 | 2129929006608879 | flow | 172.31.29.164 | 22 | 192.250.197.246 | 37859 | TCP | pcapanalyzer |

File 2
Showing 1-2 of 2 items.

| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2019-08-15T13:42:16.141386-0700 | 169.254.169.254 | 172.31.29.164 | /latest/meta-data/network/interfaces/macs/0e:08:40:15:c2:5d/local-ipv4s | ASCII text, with no line terminators | 13 |
| 2 | 2019-08-15T13:44:19.408993-0700 | 172.31.29.164 | 176.98.219.121 | / | HTML document, UTF-8 Unicode text | 4947 |

Comments: (not set)
