2019-MTA-workshop-block-1-02.pcap

MD5: 67dabb24ace9619cb4db9959f1abb7c4
Submission Date: 2019-08-20 20:22:29
Tags: (not set)
Alert (0 items)
# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
No results found.
DNS (193 items)
Showing 1-20 of 193 items.
# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2019-07-09T17:36:44.574101-0700 | 10.7.10.101 | 10.7.10.7 | query | _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.rootdreams.net | SRV | (not set)
2 | 2019-07-09T17:36:44.574397-0700 | 10.7.10.7 | 10.7.10.101 | answer | _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.rootdreams.net | SRV | (not set)
3 | 2019-07-09T17:36:44.828212-0700 | 10.7.10.101 | 10.7.10.7 | query | _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.rootdreams.net | SRV | (not set)
4 | 2019-07-09T17:36:44.828486-0700 | 10.7.10.7 | 10.7.10.101 | answer | _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.rootdreams.net | SRV | (not set)
5 | 2019-07-09T17:36:44.967696-0700 | 10.7.10.101 | 10.7.10.7 | query | _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.rootdreams.net | SRV | (not set)
6 | 2019-07-09T17:36:44.967969-0700 | 10.7.10.7 | 10.7.10.101 | answer | _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.rootdreams.net | SRV | (not set)
7 | 2019-07-09T17:36:45.140249-0700 | 10.7.10.101 | 10.7.10.7 | query | _ldap._tcp.Default-First-Site-Name._sites.rootdreams.net | SRV | (not set)
8 | 2019-07-09T17:36:45.140513-0700 | 10.7.10.7 | 10.7.10.101 | answer | _ldap._tcp.Default-First-Site-Name._sites.rootdreams.net | SRV | (not set)
9 | 2019-07-09T17:36:45.482237-0700 | 10.7.10.101 | 10.7.10.7 | query | ujjyetgdqf.rootdreams.net | A | (not set)
10 | 2019-07-09T17:36:45.482481-0700 | 10.7.10.7 | 10.7.10.101 | answer | ujjyetgdqf.rootdreams.net | A | (not set)
11 | 2019-07-09T17:36:45.765038-0700 | 10.7.10.101 | 10.7.10.7 | query | Rootdreams-DC.rootdreams.net | A | (not set)
12 | 2019-07-09T17:36:45.765414-0700 | 10.7.10.7 | 10.7.10.101 | answer | Rootdreams-DC.rootdreams.net | A | (not set)
13 | 2019-07-09T17:36:45.482752-0700 | 10.7.10.101 | 10.7.10.7 | query | ujjyetgdqf.bridgebeat.net | A | (not set)
14 | 2019-07-09T17:36:45.541192-0700 | 10.7.10.7 | 10.7.10.101 | answer | ujjyetgdqf.bridgebeat.net | A | (not set)
15 | 2019-07-09T17:36:47.785446-0700 | 10.7.10.101 | 10.7.10.7 | query | geo-prod.do.dsp.mp.microsoft.com | A | (not set)
16 | 2019-07-09T17:36:47.785715-0700 | 10.7.10.7 | 10.7.10.101 | answer | geo-prod.do.dsp.mp.microsoft.com | A | (not set)
17 | 2019-07-09T17:36:47.949489-0700 | 10.7.10.101 | 10.7.10.7 | query | _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.rootdreams.net | SRV | (not set)
18 | 2019-07-09T17:36:47.949771-0700 | 10.7.10.7 | 10.7.10.101 | answer | _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.rootdreams.net | SRV | (not set)
19 | 2019-07-09T17:36:48.511725-0700 | 10.7.10.101 | 10.7.10.7 | query | cp501-prod.do.dsp.mp.microsoft.com | A | (not set)
20 | 2019-07-09T17:36:48.512010-0700 | 10.7.10.7 | 10.7.10.101 | answer | cp501-prod.do.dsp.mp.microsoft.com | A | (not set)
TLS (152 items)
Showing 1-20 of 152 items.
# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2019-07-09T17:36:48.340550-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | kv501-prod.do.dsp.mp.microsoft.com
2 | 2019-07-09T17:36:48.906934-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | cp501-prod.do.dsp.mp.microsoft.com
3 | 2019-07-09T17:36:48.611334-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | cp501-prod.do.dsp.mp.microsoft.com
4 | 2019-07-09T17:36:49.037186-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | disc501-prod.do.dsp.mp.microsoft.com
5 | 2019-07-09T17:36:49.243153-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | disc501-prod.do.dsp.mp.microsoft.com
6 | 2019-07-09T17:36:49.438610-0700 | 10.7.10.101 | 40.79.65.78 | TLS 1.2 | array508-prod.do.dsp.mp.microsoft.com
7 | 2019-07-09T17:36:49.574004-0700 | 10.7.10.101 | 40.79.66.194 | TLS 1.2 | array501-prod.do.dsp.mp.microsoft.com
8 | 2019-07-09T17:36:49.937545-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | disc501-prod.do.dsp.mp.microsoft.com
9 | 2019-07-09T17:36:50.317447-0700 | 10.7.10.101 | 40.79.65.123 | TLS 1.2 | array505-prod.do.dsp.mp.microsoft.com
10 | 2019-07-09T17:38:01.768105-0700 | 10.7.10.101 | 52.114.76.34 | TLS 1.2 | v20.events.data.microsoft.com
11 | 2019-07-09T17:38:04.326117-0700 | 10.7.10.101 | 204.79.197.200 | TLS 1.2 | www.bing.com
12 | 2019-07-09T17:36:47.935189-0700 | 10.7.10.101 | 40.79.66.209 | TLS 1.2 | geo-prod.do.dsp.mp.microsoft.com
13 | 2019-07-09T17:36:49.250771-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | cp501-prod.do.dsp.mp.microsoft.com
14 | 2019-07-09T17:36:49.605498-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | disc501-prod.do.dsp.mp.microsoft.com
15 | 2019-07-09T17:36:49.613629-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | cp501-prod.do.dsp.mp.microsoft.com
16 | 2019-07-09T17:36:49.944014-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | cp501-prod.do.dsp.mp.microsoft.com
17 | 2019-07-09T17:36:49.944346-0700 | 10.7.10.101 | 40.79.70.158 | TLS 1.2 | array503-prod.do.dsp.mp.microsoft.com
18 | 2019-07-09T17:36:50.248507-0700 | 10.7.10.101 | 104.108.127.93 | TLS 1.2 | disc501-prod.do.dsp.mp.microsoft.com
19 | 2019-07-09T17:36:50.588940-0700 | 10.7.10.101 | 40.79.70.158 | TLS 1.2 | array503-prod.do.dsp.mp.microsoft.com
20 | 2019-07-09T17:38:16.342166-0700 | 10.7.10.101 | 40.90.23.230 | TLS 1.2 | login.live.com
TFTP (0 items)
# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP (5 items)
Showing 1-5 of 5 items.
# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2019-07-09T17:38:23.414224-0700 | 10.7.10.101 | blog.eskill.com | 80 | GET | /cyber-security-skills-shortage/ | 301
2 | 2019-07-09T17:38:26.989068-0700 | 10.7.10.101 | ocsp.comodoca.com | 80 | GET | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEFgo7t9gbZlUmh0Q15O%2Fpto%3D | 200
3 | 2019-07-09T17:38:44.297965-0700 | 10.7.10.101 | ocsp.digicert.com | 80 | GET | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAtqs7A%2Bsan2xGCSaqjN%2FrM%3D | 200
4 | 2019-07-09T17:38:51.817936-0700 | 10.7.10.101 | ocsp.digicert.com | 80 | GET | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D | 200
5 | 2019-07-09T17:39:18.815705-0700 | 10.7.10.101 | tile-service.weather.microsoft.com | 80 | GET | /en-US/livetile/preinstall?region=US&appid=C98EA5B0842DBB9405BBF071E1DA76512D21FE36&FORM=Threshold | 200
SMB (35 items)
Showing 1-20 of 35 items.
# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
1 | 2019-07-09T17:36:45.259596-0700 | 10.7.10.101 | 10.7.10.7 | 2.?? | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
2 | 2019-07-09T17:36:45.279535-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
3 | 2019-07-09T17:36:45.304407-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_SESSION_SETUP | 70369213939789 | 0
4 | 2019-07-09T17:36:45.304750-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_TREE_CONNECT | 70369213939789 | 1
5 | 2019-07-09T17:36:45.325182-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_IOCTL | 70369213939789 | 1
6 | 2019-07-09T17:36:45.370580-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_IOCTL | 70369213939789 | 1
7 | 2019-07-09T17:36:45.429609-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_IOCTL | 70369213939789 | 1
8 | 2019-07-09T17:36:46.694954-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_SESSION_SETUP | 70369213939793 | 0
9 | 2019-07-09T17:36:46.696025-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_TREE_CONNECT | 70369213939793 | 1
10 | 2019-07-09T17:36:46.696726-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_CREATE | 70369213939793 | 1
11 | 2019-07-09T17:36:46.703361-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_CREATE | 70369213939793 | 1
12 | 2019-07-09T17:36:46.704713-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_FIND | 70369213939793 | 1
13 | 2019-07-09T17:36:46.704713-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_FIND | 70369213939793 | 1
14 | 2019-07-09T17:36:46.705360-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_CREATE | 70369213939793 | 1
15 | 2019-07-09T17:36:46.706557-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_FIND | 70369213939793 | 1
16 | 2019-07-09T17:36:46.706557-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_FIND | 70369213939793 | 1
17 | 2019-07-09T17:36:46.707084-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_CREATE | 70369213939793 | 1
18 | 2019-07-09T17:36:46.708342-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_FIND | 70369213939793 | 1
19 | 2019-07-09T17:36:46.708342-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_FIND | 70369213939793 | 1
20 | 2019-07-09T17:36:46.708886-0700 | 10.7.10.101 | 10.7.10.7 | 3.11 | SMB2_COMMAND_CREATE | 70369213939793 | 1
SMTP (0 items)
# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (319 items)
Showing 1-20 of 319 items.
# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2019-07-09T17:39:28.778862-0700 | 913104462210532 | flow | 10.7.10.101 | 137 | 10.7.10.255 | 137 | UDP | pcapanalyzer
2 | 2019-07-09T17:39:28.778862-0700 | 87291772866919 | flow | 10.7.10.101 | 49668 | 10.7.10.7 | 389 | TCP | pcapanalyzer
3 | 2019-07-09T17:39:28.778862-0700 | 1126733988043924 | flow | 10.7.10.101 | 49682 | 10.7.10.7 | 389 | TCP | pcapanalyzer
4 | 2019-07-09T17:39:28.778862-0700 | 1578474353484404 | flow | 10.7.10.101 | 49700 | 10.7.10.7 | 389 | TCP | pcapanalyzer
5 | 2019-07-09T17:39:28.778862-0700 | 1451989713933061 | flow | 10.7.10.101 | 49688 | 10.7.10.7 | 389 | TCP | pcapanalyzer
6 | 2019-07-09T17:39:28.778862-0700 | 1877958127959812 | flow | 10.7.10.101 | 49691 | 10.7.10.7 | 389 | TCP | pcapanalyzer
7 | 2019-07-09T17:39:28.778862-0700 | 1360577777486615 | flow | 10.7.10.101 | 49687 | 10.7.10.7 | 389 | TCP | pcapanalyzer
8 | 2019-07-09T17:39:28.778862-0700 | 2080970494607789 | flow | 10.7.10.101 | 49693 | 10.7.10.7 | 389 | TCP | pcapanalyzer
9 | 2019-07-09T17:39:28.778862-0700 | 815819158196686 | flow | 10.7.10.101 | 49699 | 10.7.10.7 | 389 | TCP | pcapanalyzer
10 | 2019-07-09T17:39:28.778862-0700 | 1240600013467165 | flow | 10.7.10.101 | 49674 | 10.7.10.7 | 389 | TCP | pcapanalyzer
11 | 2019-07-09T17:39:28.778862-0700 | 1945947460093316 | flow | 10.7.10.101 | 49681 | 10.7.10.7 | 389 | TCP | pcapanalyzer
12 | 2019-07-09T17:39:28.778862-0700 | 1830195944014485 | flow | 10.7.10.101 | 55461 | 10.7.10.7 | 53 | UDP | pcapanalyzer
13 | 2019-07-09T17:39:28.778862-0700 | 1830352718449560 | flow | 10.7.10.101 | 49859 | 23.62.7.136 | 443 | TCP | pcapanalyzer
14 | 2019-07-09T17:39:28.778862-0700 | 1126843516283196 | flow | 10.7.10.101 | 49784 | 151.101.200.157 | 443 | TCP | pcapanalyzer
15 | 2019-07-09T17:39:28.778862-0700 | 845823800235944 | flow | 10.7.10.101 | 123 | 10.7.10.7 | 123 | UDP | pcapanalyzer
16 | 2019-07-09T17:39:28.778862-0700 | 1971809606764319 | flow | 10.7.10.101 | 54083 | 10.7.10.7 | 53 | UDP | pcapanalyzer
17 | 2019-07-09T17:39:28.778862-0700 | 142851469966113 | flow | 10.7.10.101 | 49696 | 40.79.66.209 | 443 | TCP | pcapanalyzer
18 | 2019-07-09T17:39:28.778862-0700 | 565849918860872 | flow | 10.7.10.101 | 49727 | 10.7.10.7 | 88 | TCP | pcapanalyzer
19 | 2019-07-09T17:39:28.778862-0700 | 565948704788962 | flow | 10.7.10.101 | 55106 | 10.7.10.7 | 53 | UDP | pcapanalyzer
20 | 2019-07-09T17:39:28.778862-0700 | 284976239171563 | flow | 10.7.10.101 | 63835 | 10.7.10.7 | 53 | UDP | pcapanalyzer
File (9 items)
Showing 1-9 of 9 items.
# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2019-07-09T17:36:46.719227-0700 | 10.7.10.7 | 10.7.10.101 | rootdreams.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf | Little-endian UTF-16 Unicode text, with CRLF, CR line terminators | 1098
2 | 2019-07-09T17:36:46.726005-0700 | 10.7.10.7 | 10.7.10.101 | rootdreams.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Registry.pol | data | 2796
3 | 2019-07-09T17:36:46.728122-0700 | 10.7.10.7 | 10.7.10.101 | rootdreams.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini | ASCII text, with CRLF line terminators | 22
4 | 2019-07-09T17:36:46.731469-0700 | 10.7.10.7 | 10.7.10.101 | rootdreams.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini | ASCII text, with CRLF line terminators | 22
5 | 2019-07-09T17:38:23.414224-0700 | 162.243.48.117 | 10.7.10.101 | /cyber-security-skills-shortage/ | HTML document, ASCII text, with CRLF line terminators | 178
6 | 2019-07-09T17:38:26.989068-0700 | 151.139.128.14 | 10.7.10.101 | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR64T7ooMQqLLQoy+emBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEFgo7t9gbZlUmh0Q15O/pto= | data | 471
7 | 2019-07-09T17:38:44.297965-0700 | 72.21.91.29 | 10.7.10.101 | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACEAtqs7A+san2xGCSaqjN/rM= | data | 1507
8 | 2019-07-09T17:38:51.817936-0700 | 72.21.91.29 | 10.7.10.101 | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI= | data | 1507
9 | 2019-07-09T17:39:18.815705-0700 | 23.196.126.221 | 10.7.10.101 | /en-US/livetile/preinstall | XML 1.0 document, UTF-8 Unicode text, with very long lines, with no line terminators | 4291

Comments: (not set)
