tcpdata_mcrsf2as7_20190820142214.pcap

MD5: 376df0e0a5ca8c90910e5cab848f5dd0
Submission Date: 2019-08-20 08:09:45
Tags: (not set)
Alert 20
Showing 1-20 of 20 items.
| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|---|---|---|---|---|
| 1 | 2019-08-20T05:13:41.855308-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 2 | 2019-08-20T05:13:53.070923-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 3 | 2019-08-20T05:13:11.839663-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 4 | 2019-08-20T05:12:53.049551-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 5 | 2019-08-20T05:13:23.060614-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 6 | 2019-08-20T05:14:11.869331-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 7 | 2019-08-20T05:14:41.885931-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 8 | 2019-08-20T05:15:41.912622-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 9 | 2019-08-20T05:16:41.938694-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 10 | 2019-08-20T05:14:23.082524-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 11 | 2019-08-20T05:14:53.093731-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 12 | 2019-08-20T05:15:11.898864-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 13 | 2019-08-20T05:15:23.104355-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 14 | 2019-08-20T05:16:11.926028-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 15 | 2019-08-20T05:16:23.126087-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 16 | 2019-08-20T05:15:53.115896-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 17 | 2019-08-20T05:16:53.138340-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 18 | 2019-08-20T05:17:11.952095-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 19 | 2019-08-20T05:17:23.148476-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
| 20 | 2019-08-20T05:17:41.964090-0700 | 172.16.240.121 | 168.63.129.16 | ET POLICY curl User-Agent Outbound | * |
DNS 14
Showing 1-14 of 14 items.
| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2019-08-20T05:12:45.796752-0700 | 172.16.240.121 | 172.16.240.11 | query | 17.242.168.192.in-addr.arpa | PTR | (not set) |
| 2 | 2019-08-20T05:12:45.798796-0700 | 172.16.240.11 | 172.16.240.121 | answer | 17.242.168.192.in-addr.arpa | PTR | (not set) |
| 3 | 2019-08-20T05:13:26.134173-0700 | 172.16.240.121 | 172.16.240.11 | query | hanatdisjcssalrse02.blob.core.windows.net | A | (not set) |
| 4 | 2019-08-20T05:13:26.135327-0700 | 172.16.240.11 | 172.16.240.121 | answer | hanatdisjcssalrse02.blob.core.windows.net | A | (not set) |
| 5 | 2019-08-20T05:13:44.355123-0700 | 172.16.240.121 | 192.168.242.17 | query | version.bind | TXT | (not set) |
| 6 | 2019-08-20T05:13:44.455339-0700 | 172.16.240.121 | 192.168.242.17 | query | 17.242.168.192.in-addr.arpa | PTR | (not set) |
| 7 | 2019-08-20T05:14:26.185881-0700 | 172.16.240.121 | 172.16.240.11 | query | hanatdisjcssalrse02.blob.core.windows.net | A | (not set) |
| 8 | 2019-08-20T05:14:26.187087-0700 | 172.16.240.11 | 172.16.240.121 | answer | hanatdisjcssalrse02.blob.core.windows.net | A | (not set) |
| 9 | 2019-08-20T05:15:26.231126-0700 | 172.16.240.121 | 172.16.240.11 | query | hanatdisjcssalrse02.blob.core.windows.net | A | (not set) |
| 10 | 2019-08-20T05:15:26.232206-0700 | 172.16.240.11 | 172.16.240.121 | answer | hanatdisjcssalrse02.blob.core.windows.net | A | (not set) |
| 11 | 2019-08-20T05:17:26.339015-0700 | 172.16.240.121 | 172.16.240.11 | query | hanatdisjcssalrse02.blob.core.windows.net | A | (not set) |
| 12 | 2019-08-20T05:17:26.340401-0700 | 172.16.240.11 | 172.16.240.121 | answer | hanatdisjcssalrse02.blob.core.windows.net | A | (not set) |
| 13 | 2019-08-20T05:16:26.287454-0700 | 172.16.240.121 | 172.16.240.11 | query | hanatdisjcssalrse02.blob.core.windows.net | A | (not set) |
| 14 | 2019-08-20T05:16:26.289070-0700 | 172.16.240.11 | 172.16.240.121 | answer | hanatdisjcssalrse02.blob.core.windows.net | A | (not set) |
TLS 9
Showing 1-9 of 9 items.
| # | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication |
|---|---|---|---|---|---|
| 1 | 2019-08-20T05:12:46.439639-0700 | 172.16.240.121 | 64.39.96.209 | TLS 1.2 | scanservice1.qg2.apps.qualys.com |
| 2 | 2019-08-20T05:12:47.515970-0700 | 172.16.240.121 | 64.39.96.209 | TLS 1.2 | scanservice1.qg2.apps.qualys.com |
| 3 | 2019-08-20T05:12:50.619527-0700 | 172.16.240.121 | 64.39.96.209 | TLS 1.2 | scanservice1.qg2.apps.qualys.com |
| 4 | 2019-08-20T05:13:26.156482-0700 | 172.16.240.121 | 52.241.88.84 | TLS 1.2 | hanatdisjcssalrse02.blob.core.windows.net |
| 5 | 2019-08-20T05:15:15.495780-0700 | 172.16.240.121 | 192.168.242.17 | UNDETERMINED | (not set) |
| 6 | 2019-08-20T05:15:26.255865-0700 | 172.16.240.121 | 52.241.88.84 | TLS 1.2 | hanatdisjcssalrse02.blob.core.windows.net |
| 7 | 2019-08-20T05:14:26.208503-0700 | 172.16.240.121 | 52.241.88.84 | TLS 1.2 | hanatdisjcssalrse02.blob.core.windows.net |
| 8 | 2019-08-20T05:16:26.311940-0700 | 172.16.240.121 | 52.241.88.84 | TLS 1.2 | hanatdisjcssalrse02.blob.core.windows.net |
| 9 | 2019-08-20T05:17:26.361025-0700 | 172.16.240.121 | 52.241.88.84 | TLS 1.2 | hanatdisjcssalrse02.blob.core.windows.net |
TFTP 1
Showing 1-1 of 1 item.
| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|---|---|---|---|---|---|
| 1 | 2019-08-20T05:13:28.598080-0700 | 172.16.240.121 | 192.168.242.17 | read | kernel | netascii |
HTTP 34
Showing 1-20 of 34 items.
| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 1 | 2019-08-20T05:13:41.855308-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 2 | 2019-08-20T05:13:53.070923-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 3 | 2019-08-20T05:13:11.839663-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 4 | 2019-08-20T05:12:53.049551-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 5 | 2019-08-20T05:13:23.060614-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 6 | 2019-08-20T05:14:11.869331-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 7 | 2019-08-20T05:14:41.885931-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 8 | 2019-08-20T05:15:41.912622-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 9 | 2019-08-20T05:16:41.938694-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 10 | 2019-08-20T05:14:23.082524-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 11 | 2019-08-20T05:14:53.093731-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 12 | 2019-08-20T05:15:11.898864-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 13 | 2019-08-20T05:15:23.104355-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 14 | 2019-08-20T05:16:11.926028-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 15 | 2019-08-20T05:16:23.126087-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 16 | 2019-08-20T05:15:53.115896-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 17 | 2019-08-20T05:16:53.138340-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 18 | 2019-08-20T05:17:11.952095-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
| 19 | 2019-08-20T05:17:23.148476-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=health | 200 |
| 20 | 2019-08-20T05:17:41.964090-0700 | 172.16.240.121 | 168.63.129.16 | 80 | POST | /machine?comp=roleProperties | 202 |
SMB 1
Showing 1-1 of 1 item.
| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
|---|---|---|---|---|---|---|---|
| 1 | 2019-08-20T05:17:26.698852-0700 | 172.16.240.121 | 192.168.242.17 | unknown | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0 |
SMTP 0
| # | Timestamp | Source | Destination | Email From | Email To | Subject |
No results found.
Flow 3391
Showing 1-20 of 3,391 items.
| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2019-08-20T05:12:48.221156-0700 | 310538546327550 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 22222 | UDP | pcapanalyzer |
| 2 | 2019-08-20T05:12:48.221156-0700 | 452100668491130 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 68 | UDP | pcapanalyzer |
| 3 | 2019-08-20T05:12:48.221156-0700 | 455669786370020 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 17 | UDP | pcapanalyzer |
| 4 | 2019-08-20T05:12:48.221156-0700 | 174409557954613 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 1041 | UDP | pcapanalyzer |
| 5 | 2019-08-20T05:12:48.221156-0700 | 179056712506151 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 40426 | UDP | pcapanalyzer |
| 6 | 2019-08-20T05:12:48.221156-0700 | 1448142239095205 | flow | 172.16.240.121 | 3790 | 192.168.242.17 | 53 | TCP | pcapanalyzer |
| 7 | 2019-08-20T05:12:48.221156-0700 | 323006836492126 | flow | 172.16.240.121 | 3790 | 192.168.242.17 | 8080 | TCP | pcapanalyzer |
| 8 | 2019-08-20T05:12:48.221156-0700 | 1590056548556258 | flow | 172.16.240.121 | 80 | 192.168.242.17 | 2869 | TCP | pcapanalyzer |
| 9 | 2019-08-20T05:12:48.221156-0700 | 1170262150021863 | flow | 172.16.240.121 | 3790 | 192.168.242.17 | 1521 | TCP | pcapanalyzer |
| 10 | 2019-08-20T05:12:48.221156-0700 | 1874413448320820 | flow | 172.16.240.121 | 3790 | 192.168.242.17 | 3128 | TCP | pcapanalyzer |
| 11 | 2019-08-20T05:12:48.221156-0700 | 1032900505842269 | flow | 172.16.240.121 | 3790 | 192.168.242.17 | 22 | TCP | pcapanalyzer |
| 12 | 2019-08-20T05:12:48.221156-0700 | 330583158775475 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 7301 | UDP | pcapanalyzer |
| 13 | 2019-08-20T05:12:48.221156-0700 | 472308489470283 | flow | 172.16.240.121 | 46739 | 192.168.242.17 | 113 | TCP | pcapanalyzer |
| 14 | 2019-08-20T05:12:48.221156-0700 | 756175763180412 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 12223 | UDP | pcapanalyzer |
| 15 | 2019-08-20T05:12:48.221156-0700 | 1179238631561098 | flow | 172.16.240.121 | 35835 | 192.168.242.17 | 2023 | UDP | pcapanalyzer |
| 16 | 2019-08-20T05:12:48.221156-0700 | 1601945017994675 | flow | 172.16.240.121 | (not set) | 192.168.242.17 | (not set) | ICMP | pcapanalyzer |
| 17 | 2019-08-20T05:12:48.221156-0700 | 1601945017862166 | flow | 172.16.240.121 | (not set) | 192.168.242.17 | (not set) | ICMP | pcapanalyzer |
| 18 | 2019-08-20T05:12:48.221156-0700 | 1601945017851301 | flow | 172.16.240.121 | (not set) | 192.168.242.17 | (not set) | ICMP | pcapanalyzer |
| 19 | 2019-08-20T05:12:48.221156-0700 | 1603495501045449 | flow | 127.0.0.1 | 5555 | 127.0.0.1 | 7777 | UDP | pcapanalyzer |
| 20 | 2019-08-20T05:12:48.221156-0700 | 1322694834377437 | flow | 172.16.240.121 | 772 | 192.168.242.17 | 1 | UDP | pcapanalyzer |
File 20
Showing 1-20 of 20 items.
| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2019-08-20T05:13:41.855259-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 2 | 2019-08-20T05:12:53.049539-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 3 | 2019-08-20T05:13:53.070909-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 4 | 2019-08-20T05:13:11.839649-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 5 | 2019-08-20T05:13:23.060601-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 6 | 2019-08-20T05:14:11.869317-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 7 | 2019-08-20T05:14:41.885916-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 8 | 2019-08-20T05:15:41.912607-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 9 | 2019-08-20T05:16:41.938682-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 10 | 2019-08-20T05:14:23.082512-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 11 | 2019-08-20T05:14:53.093719-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 12 | 2019-08-20T05:15:11.898852-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 13 | 2019-08-20T05:15:23.104340-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 14 | 2019-08-20T05:16:11.926015-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 15 | 2019-08-20T05:16:23.126064-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 16 | 2019-08-20T05:15:53.115868-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 17 | 2019-08-20T05:16:53.138318-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 18 | 2019-08-20T05:17:11.952082-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |
| 19 | 2019-08-20T05:17:23.148462-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 505 |
| 20 | 2019-08-20T05:17:41.964078-0700 | 172.16.240.121 | 168.63.129.16 | /machine | XML 1.0 document, ASCII text | 451 |

Comments: (not set)