tcpdata_mcrsf2as7_20190820142214.pcap

MD5: 376df0e0a5ca8c90910e5cab848f5dd0
Submission Date: 2019-08-20 08:09:45
Tags: (not set)
Alert 20
Showing 1-20 of 20 items.
| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|---|---|---|---|---|
| 1 | 2019-08-20T05:12:53.049551-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 2 | 2019-08-20T05:13:11.839663-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 3 | 2019-08-20T05:14:53.093731-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 4 | 2019-08-20T05:13:41.855308-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 5 | 2019-08-20T05:13:23.060614-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 6 | 2019-08-20T05:15:11.898864-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 7 | 2019-08-20T05:13:53.070923-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 8 | 2019-08-20T05:15:41.912622-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 9 | 2019-08-20T05:15:53.115896-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 10 | 2019-08-20T05:16:11.926028-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 11 | 2019-08-20T05:16:23.126087-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 12 | 2019-08-20T05:14:11.869331-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 13 | 2019-08-20T05:16:41.938694-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 14 | 2019-08-20T05:16:53.138340-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 15 | 2019-08-20T05:14:23.082524-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 16 | 2019-08-20T05:14:41.885931-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 17 | 2019-08-20T05:15:23.104355-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 18 | 2019-08-20T05:17:23.148476-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 19 | 2019-08-20T05:17:11.952095-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 20 | 2019-08-20T05:17:41.964090-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
DNS 14
Showing 1-14 of 14 items.
| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2019-08-20T05:12:45.796752-0700 | 172.16.240.121 | 172.16.240.11 | query | 17.242.168.192.in-addr.arpa | PTR | (not set) |
| 2 | 2019-08-20T05:12:45.798796-0700 | 172.16.240.11 | 172.16.240.121 | answer | 17.242.168.192.in-addr.arpa | (not set) | (not set) |
| 3 | 2019-08-20T05:13:26.134173-0700 | 172.16.240.121 | 172.16.240.11 | query | hanatdisjcssalrse02.blob.core.windows.net | A | (not set) |
| 4 | 2019-08-20T05:13:26.135327-0700 | 172.16.240.11 | 172.16.240.121 | answer | hanatdisjcssalrse02.blob.core.windows.net | (not set) | (not set) |
| 5 | 2019-08-20T05:13:44.355123-0700 | 172.16.240.121 | 192.168.242.17 | query | version.bind | TXT | (not set) |
| 6 | 2019-08-20T05:13:44.455339-0700 | 172.16.240.121 | 192.168.242.17 | query | 17.242.168.192.in-addr.arpa | PTR | (not set) |
| 7 | 2019-08-20T05:16:26.287454-0700 | 172.16.240.121 | 172.16.240.11 | query | hanatdisjcssalrse02.blob.core.windows.net | A | (not set) |
| 8 | 2019-08-20T05:16:26.289070-0700 | 172.16.240.11 | 172.16.240.121 | answer | hanatdisjcssalrse02.blob.core.windows.net | (not set) | (not set) |
| 9 | 2019-08-20T05:17:26.339015-0700 | 172.16.240.121 | 172.16.240.11 | query | hanatdisjcssalrse02.blob.core.windows.net | A | (not set) |
| 10 | 2019-08-20T05:17:26.340401-0700 | 172.16.240.11 | 172.16.240.121 | answer | hanatdisjcssalrse02.blob.core.windows.net | (not set) | (not set) |
| 11 | 2019-08-20T05:14:26.185881-0700 | 172.16.240.121 | 172.16.240.11 | query | hanatdisjcssalrse02.blob.core.windows.net | A | (not set) |
| 12 | 2019-08-20T05:14:26.187087-0700 | 172.16.240.11 | 172.16.240.121 | answer | hanatdisjcssalrse02.blob.core.windows.net | (not set) | (not set) |
| 13 | 2019-08-20T05:15:26.231126-0700 | 172.16.240.121 | 172.16.240.11 | query | hanatdisjcssalrse02.blob.core.windows.net | A | (not set) |
| 14 | 2019-08-20T05:15:26.232206-0700 | 172.16.240.11 | 172.16.240.121 | answer | hanatdisjcssalrse02.blob.core.windows.net | (not set) | (not set) |
TLS 9
Showing 1-9 of 9 items.
| # | Timestamp | Source IP | Destination IP | TLS Version | Issuer |
|---|---|---|---|---|---|
| 1 | 2019-08-20T05:12:46.439639-0700 | 172.16.240.121 | 64.39.96.209 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA |
| 2 | 2019-08-20T05:12:50.619527-0700 | 172.16.240.121 | 64.39.96.209 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA |
| 3 | 2019-08-20T05:12:47.515970-0700 | 172.16.240.121 | 64.39.96.209 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA |
| 4 | 2019-08-20T05:13:26.156482-0700 | 172.16.240.121 | 52.241.88.84 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 |
| 5 | 2019-08-20T05:14:26.208503-0700 | 172.16.240.121 | 52.241.88.84 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 |
| 6 | 2019-08-20T05:15:15.495780-0700 | 172.16.240.121 | 192.168.242.17 | UNDETERMINED | (not set) |
| 7 | 2019-08-20T05:15:26.255865-0700 | 172.16.240.121 | 52.241.88.84 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 |
| 8 | 2019-08-20T05:16:26.311940-0700 | 172.16.240.121 | 52.241.88.84 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 |
| 9 | 2019-08-20T05:17:26.361025-0700 | 172.16.240.121 | 52.241.88.84 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 |
TFTP 1
Showing 1-1 of 1 item.
| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|---|---|---|---|---|---|
| 1 | 2019-08-20T05:13:28.598080-0700 | 172.16.240.121 | 192.168.242.17 | read | kernel | netascii |
HTTP 34
Showing 1-20 of 34 items.
| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 1 | 2019-08-20T05:12:53.049551-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 2 | 2019-08-20T05:13:11.839663-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 3 | 2019-08-20T05:14:53.093731-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 4 | 2019-08-20T05:13:41.855308-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 5 | 2019-08-20T05:13:23.060614-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 6 | 2019-08-20T05:15:11.898864-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 7 | 2019-08-20T05:13:53.070923-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 8 | 2019-08-20T05:15:41.912622-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 9 | 2019-08-20T05:15:53.115896-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 10 | 2019-08-20T05:16:11.926028-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 11 | 2019-08-20T05:16:23.126087-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 12 | 2019-08-20T05:14:11.869331-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 13 | 2019-08-20T05:16:41.938694-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 14 | 2019-08-20T05:16:53.138340-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 15 | 2019-08-20T05:14:23.082524-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 16 | 2019-08-20T05:14:41.885931-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 17 | 2019-08-20T05:15:23.104355-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 18 | 2019-08-20T05:17:23.148476-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 19 | 2019-08-20T05:17:11.952095-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 20 | 2019-08-20T05:17:41.964090-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
SMB 1
Showing 1-1 of 1 item.
| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
|---|---|---|---|---|---|---|---|
| 1 | 2019-08-20T05:17:41.147803-0700 | 172.16.240.121 | 192.168.242.17 | unknown | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0 |
SMTP 0
| # | Timestamp | Source | Destination | Email From | Email To | Subject |
|---|---|---|---|---|---|---|
No results found.
Flow 3376
Showing 1-20 of 3,376 items.
| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2019-08-20T05:12:53.049539-0700 | 1941294678872842 | flow | 172.16.240.121 | 15256 | 192.168.242.17 | 80 | TCP | pcapanalyzer |
| 2 | 2019-08-20T05:12:53.049539-0700 | 1811234479228749 | flow | 172.16.240.121 | 7710 | 192.168.242.17 | 80 | TCP | pcapanalyzer |
| 3 | 2019-08-20T05:12:53.049539-0700 | 1953612645190175 | flow | 172.16.240.121 | 3790 | 192.168.242.17 | 111 | TCP | pcapanalyzer |
| 4 | 2019-08-20T05:12:53.049539-0700 | 1399583338847988 | flow | 172.16.240.121 | 3790 | 192.168.242.17 | 25 | TCP | pcapanalyzer |
| 5 | 2019-08-20T05:12:53.049539-0700 | 1400992088020874 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 2023 | UDP | pcapanalyzer |
| 6 | 2019-08-20T05:12:53.049539-0700 | 1545792615442008 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 514 | UDP | pcapanalyzer |
| 7 | 2019-08-20T05:17:41.147803-0700 | 141905245325121 | flow | 172.16.240.121 | 7710 | 192.168.242.17 | 1 | UDP | pcapanalyzer |
| 8 | 2019-08-20T05:17:41.147803-0700 | 1552192116710879 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 5742 | UDP | pcapanalyzer |
| 9 | 2019-08-20T05:17:41.147803-0700 | 2123564501012742 | flow | 172.16.240.121 | 1028 | 192.168.242.17 | 1625 | UDP | pcapanalyzer |
| 10 | 2019-08-20T05:17:41.147803-0700 | 1286758843059068 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 12223 | UDP | pcapanalyzer |
| 11 | 2019-08-20T05:17:41.147803-0700 | 2143536098994607 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 5036 | UDP | pcapanalyzer |
| 12 | 2019-08-20T05:17:41.147803-0700 | 1040038741479084 | flow | 172.16.240.121 | 514 | 192.168.242.17 | 1625 | UDP | pcapanalyzer |
| 13 | 2019-08-20T05:17:41.147803-0700 | 1912707376563580 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 9874 | UDP | pcapanalyzer |
| 14 | 2019-08-20T05:17:41.147803-0700 | 1491280890551576 | flow | 127.0.0.1 | 56902 | 127.0.0.1 | 7777 | UDP | pcapanalyzer |
| 15 | 2019-08-20T05:17:41.147803-0700 | 649205307477671 | flow | 172.16.240.121 | 514 | 192.168.242.17 | 1 | UDP | pcapanalyzer |
| 16 | 2019-08-20T05:17:41.147803-0700 | 795457533857402 | flow | 172.16.240.121 | 257 | 192.168.242.17 | 1625 | UDP | pcapanalyzer |
| 17 | 2019-08-20T05:17:41.147803-0700 | 1079878858133110 | flow | 172.16.240.121 | 257 | 192.168.242.17 | 1 | UDP | pcapanalyzer |
| 18 | 2019-08-20T05:17:41.147803-0700 | 2210687912593225 | flow | 172.16.240.121 | 7710 | 192.168.242.17 | 1625 | UDP | pcapanalyzer |
| 19 | 2019-08-20T05:17:41.147803-0700 | 1791550644113001 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 54321 | UDP | pcapanalyzer |
| 20 | 2019-08-20T05:17:41.147803-0700 | 129192142273437 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 389 | UDP | pcapanalyzer |
File 20
Showing 1-20 of 20 items.
| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2019-08-20T05:12:53.049539-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 2 | 2019-08-20T05:13:11.839649-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 3 | 2019-08-20T05:14:53.093719-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 4 | 2019-08-20T05:13:23.060601-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 5 | 2019-08-20T05:13:41.855259-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 6 | 2019-08-20T05:15:11.898852-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 7 | 2019-08-20T05:13:53.070909-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 8 | 2019-08-20T05:15:41.912607-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 9 | 2019-08-20T05:15:53.115868-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 10 | 2019-08-20T05:16:11.926015-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 11 | 2019-08-20T05:16:23.126064-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 12 | 2019-08-20T05:14:11.869317-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 13 | 2019-08-20T05:16:41.938682-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 14 | 2019-08-20T05:16:53.138318-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 15 | 2019-08-20T05:14:23.082512-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 16 | 2019-08-20T05:14:41.885916-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 17 | 2019-08-20T05:15:23.104340-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 18 | 2019-08-20T05:17:23.148462-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 19 | 2019-08-20T05:17:11.952082-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 20 | 2019-08-20T05:17:41.964078-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |

Comments: (not set)
