asus.pcap

MD5: 753f46d341d649177a7db86741d655a0
Submission Date: 2019-08-30 08:18:25
Tags: (not set)
Alert (2)
Showing 1-2 of 2 items.
# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
1 | 2019-08-30T08:07:39.799576-0700 | 192.168.111.13 | 192.168.111.255 | ET POLICY Spotify P2P Client | *
2 | 2019-08-30T08:08:53.055418-0700 | 192.168.111.13 | 203.205.255.191 | ET POLICY Http Client Body contains pwd= in cleartext | *
DNS (86)
Showing 1-20 of 86 items.
# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2019-08-30T08:07:53.354278-0700 | 192.168.111.22 | 192.168.111.1 | query | oneclient.sfx.ms | A | (not set)
2 | 2019-08-30T08:07:53.431840-0700 | 192.168.111.22 | 192.168.111.1 | query | prod1-files.acompli.net | A | (not set)
3 | 2019-08-30T08:07:53.369676-0700 | 192.168.111.1 | 192.168.111.22 | answer | oneclient.sfx.ms | (not set) | (not set)
4 | 2019-08-30T08:07:53.432922-0700 | 192.168.111.1 | 192.168.111.22 | answer | prod1-files.acompli.net | (not set) | (not set)
5 | 2019-08-30T08:07:53.430246-0700 | 192.168.111.22 | 192.168.111.1 | query | outlookmobile-office365-tas.msedge.net | A | (not set)
6 | 2019-08-30T08:07:53.432384-0700 | 192.168.111.1 | 192.168.111.22 | answer | outlookmobile-office365-tas.msedge.net | (not set) | (not set)
7 | 2019-08-30T08:07:54.607797-0700 | 192.168.111.22 | 192.168.111.1 | query | olmprodpowerlift-cdn.azureedge.net | A | (not set)
8 | 2019-08-30T08:07:54.608696-0700 | 192.168.111.1 | 192.168.111.22 | answer | olmprodpowerlift-cdn.azureedge.net | (not set) | (not set)
9 | 2019-08-30T08:07:55.872831-0700 | 192.168.111.13 | 192.168.111.1 | query | d1.sophosupd.com | A | (not set)
10 | 2019-08-30T08:07:55.887841-0700 | 192.168.111.1 | 192.168.111.13 | answer | d1.sophosupd.com | (not set) | (not set)
11 | 2019-08-30T08:07:58.619770-0700 | 192.168.111.13 | 192.168.111.1 | query | d2.sophosupd.com | A | (not set)
12 | 2019-08-30T08:07:58.637267-0700 | 192.168.111.1 | 192.168.111.13 | answer | d2.sophosupd.com | (not set) | (not set)
13 | 2019-08-30T08:07:54.470963-0700 | 192.168.111.13 | 192.168.111.1 | query | dci.sophosupd.com | A | (not set)
14 | 2019-08-30T08:07:54.490858-0700 | 192.168.111.1 | 192.168.111.13 | answer | dci.sophosupd.com | (not set) | (not set)
15 | 2019-08-30T08:07:54.515647-0700 | 192.168.111.13 | 192.168.111.1 | query | dci.sophosupd.net | A | (not set)
16 | 2019-08-30T08:07:54.531177-0700 | 192.168.111.1 | 192.168.111.13 | answer | dci.sophosupd.net | (not set) | (not set)
17 | 2019-08-30T08:08:03.571992-0700 | 192.168.111.22 | 192.168.111.1 | query | outlook.office365.com | A | (not set)
18 | 2019-08-30T08:08:03.572908-0700 | 192.168.111.1 | 192.168.111.22 | answer | outlook.office365.com | (not set) | (not set)
19 | 2019-08-30T08:08:07.170716-0700 | 192.168.111.24 | 192.168.111.1 | query | play.google.com | A | (not set)
20 | 2019-08-30T08:08:07.185985-0700 | 192.168.111.1 | 192.168.111.24 | answer | play.google.com | (not set) | (not set)
TLS (23)
Showing 1-20 of 23 items.
# | Timestamp | Source IP | Destination IP | TLS Version | Issuer
1 | 2019-08-30T08:07:54.772041-0700 | 192.168.111.13 | 96.7.133.78 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
2 | 2019-08-30T08:07:55.981026-0700 | 192.168.111.13 | 96.7.133.78 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
3 | 2019-08-30T08:07:58.731620-0700 | 192.168.111.13 | 96.7.133.78 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
4 | 2019-08-30T08:08:17.722394-0700 | 192.168.111.24 | 54.148.119.29 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
5 | 2019-08-30T08:07:59.583919-0700 | 192.168.111.13 | 96.7.133.78 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
6 | 2019-08-30T08:08:12.947248-0700 | 192.168.111.22 | 183.60.93.249 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust CN RSA CA G1
7 | 2019-08-30T08:08:17.526820-0700 | 192.168.111.13 | 117.121.252.224 | TLS 1.2 | C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2
8 | 2019-08-30T08:08:19.044484-0700 | 192.168.111.13 | 52.114.158.53 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1
9 | 2019-08-30T08:08:33.292871-0700 | 192.168.111.13 | 157.240.8.18 | TLS 1.3 | (not set)
10 | 2019-08-30T08:08:34.439719-0700 | 192.168.111.13 | 157.240.8.18 | TLS 1.3 | (not set)
11 | 2019-08-30T08:08:34.688303-0700 | 192.168.111.23 | 54.71.84.85 | TLS 1.2 | C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4
12 | 2019-08-30T08:08:35.149300-0700 | 192.168.111.13 | 157.240.8.18 | TLS 1.3 | (not set)
13 | 2019-08-30T08:08:39.768570-0700 | 192.168.111.23 | 52.94.212.65 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon
14 | 2019-08-30T08:08:33.519511-0700 | 192.168.111.13 | 157.240.8.18 | TLS 1.3 | (not set)
15 | 2019-08-30T08:08:34.194678-0700 | 192.168.111.13 | 157.240.8.18 | TLS 1.3 | (not set)
16 | 2019-08-30T08:08:35.368344-0700 | 192.168.111.13 | 157.240.8.18 | TLS 1.3 | (not set)
17 | 2019-08-30T08:08:51.722528-0700 | 192.168.111.24 | 104.98.247.244 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
18 | 2019-08-30T08:08:56.141986-0700 | 192.168.111.24 | 172.217.25.37 | TLS 1.3 | (not set)
19 | 1969-12-31T16:00:00.072188-0800 | 192.168.111.13 | 54.238.62.235 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon
20 | 2019-08-30T08:08:32.269361-0700 | 192.168.111.13 | 157.240.8.18 | TLS 1.3 | (not set)
TFTP (0)
# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP (14)
Showing 1-14 of 14 items.
# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2019-08-30T08:07:41.450218-0700 | 192.168.111.13 | 192.168.111.12 | 1400 | GET | /spotifyzc?action=getInfo | 200
2 | 2019-08-30T08:07:40.525611-0700 | 192.168.111.13 | 192.168.111.12 | 1400 | GET | /spotifyzc?action=getInfo | 200
3 | 2019-08-30T08:08:16.674033-0700 | 192.168.111.22 | hkminorshort.weixin.qq.com | 80 | POST | /mmtls/77ea909e | 200
4 | 2019-08-30T08:08:20.057354-0700 | 192.168.111.13 | 192.168.111.12 | 1400 | GET | /spotifyzc?action=getInfo | 200
5 | 2019-08-30T08:08:20.712051-0700 | 192.168.111.13 | 192.168.111.12 | 1400 | GET | /spotifyzc?action=getInfo | 200
6 | 2019-08-30T08:08:41.349050-0700 | 192.168.111.13 | 192.168.111.12 | 1400 | GET | /spotifyzc?action=getInfo | 200
7 | 2019-08-30T08:08:42.577600-0700 | 192.168.111.13 | 192.168.111.12 | 1400 | GET | /spotifyzc?action=getInfo | 200
8 | 2019-08-30T08:08:53.055418-0700 | 192.168.111.13 | btrace.qq.com | 80 | POST | /kvcollect | 200
9 | 2019-08-30T08:09:18.940978-0700 | 192.168.111.23 | spectrum.s3.amazonaws.com | 80 | GET | /kindle-wifi/wifistub.html | 200
10 | 2019-08-30T08:08:12.082358-0700 | 192.168.111.22 | conn2.oppomobile.com | 80 | GET | /generate_204 | 204
11 | 2019-08-30T08:08:12.083261-0700 | 192.168.111.22 | www.google.cn | 80 | GET | /generate_204 | 204
12 | 2019-08-30T08:08:21.073338-0700 | 192.168.111.13 | 192.168.111.12 | 1400 | GET | /spotifyzc?action=getInfo | 200
13 | 2019-08-30T08:08:23.533394-0700 | 192.168.111.13 | 192.168.111.12 | 1400 | GET | /spotifyzc?action=getInfo | 200
14 | 2019-08-30T08:08:56.608748-0700 | 192.168.111.13 | 192.168.111.12 | 1400 | GET | /spotifyzc?action=getInfo | 200
SMB (0)
# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.
SMTP (0)
# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (195)
Showing 1-20 of 195 items.
# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2019-08-30T08:07:55.757911-0700 | 1804477824301578 | flow | 192.168.111.1 | 22 | 192.168.111.24 | 50546 | TCP | pcapanalyzer
2 | 2019-08-30T08:07:55.757911-0700 | 1300584816711398 | flow | 192.168.111.108 | 34455 | 54.252.191.9 | 58814 | UDP | pcapanalyzer
3 | 2019-08-30T08:07:55.757911-0700 | 2244779689645847 | flow | 192.168.111.108 | 34455 | 54.252.191.9 | 58813 | UDP | pcapanalyzer
4 | 2019-08-30T08:09:21.670308-0700 | 1578550805141455 | flow | 192.168.111.108 | 34455 | 54.252.191.9 | 58812 | UDP | pcapanalyzer
5 | 2019-08-30T08:09:21.670308-0700 | 1015483746725890 | flow | 23.40.101.38 | 80 | 192.168.111.22 | 49160 | TCP | pcapanalyzer
6 | 2019-08-30T08:09:21.670308-0700 | 1424053243804858 | flow | fe80:0000:0000:0000:0c87:8d90:adba:5d9e | 5353 | ff02:0000:0000:0000:0000:0000:0000:00fb | 5353 | UDP | pcapanalyzer
7 | 2019-08-30T08:09:21.670308-0700 | 2210672209099344 | flow | 192.168.111.9 | 5353 | 224.0.0.251 | 5353 | UDP | pcapanalyzer
8 | 2019-08-30T08:09:21.670308-0700 | 1407485407173347 | flow | 117.121.252.224 | 443 | 192.168.111.13 | 57584 | TCP | pcapanalyzer
9 | 2019-08-30T08:09:21.670308-0700 | 705378716701 | flow | 192.168.111.22 | 39715 | 172.217.167.67 | 80 | TCP | pcapanalyzer
10 | 2019-08-30T08:09:21.670308-0700 | 424195597218389 | flow | 13.107.5.88 | 443 | 192.168.111.15 | 60342 | TCP | pcapanalyzer
11 | 2019-08-30T08:09:21.670308-0700 | 1128535876446796 | flow | 192.168.111.24 | 51382 | 172.217.25.37 | 443 | TCP | pcapanalyzer
12 | 2019-08-30T08:09:21.670308-0700 | 2114548697155584 | flow | 192.168.111.22 | 33545 | 192.168.111.1 | 53 | UDP | pcapanalyzer
13 | 2019-08-30T08:09:21.670308-0700 | 848289255131362 | flow | 50.17.61.45 | 443 | 192.168.111.13 | 57448 | TCP | pcapanalyzer
14 | 2019-08-30T08:09:21.670308-0700 | 567428459909677 | flow | 54.186.73.147 | 443 | 192.168.111.24 | 51370 | TCP | pcapanalyzer
15 | 2019-08-30T08:09:21.670308-0700 | 567851515091676 | flow | 192.168.111.24 | 60395 | 192.168.111.1 | 53 | UDP | pcapanalyzer
16 | 2019-08-30T08:09:21.670308-0700 | 1553338202689702 | flow | 192.168.111.22 | 19639 | 192.168.111.1 | 53 | UDP | pcapanalyzer
17 | 2019-08-30T08:09:21.670308-0700 | 568298194662110 | flow | 192.168.111.16 | 35450 | 8.8.8.8 | 53 | UDP | pcapanalyzer
18 | 2019-08-30T08:09:21.670308-0700 | 1272580485527783 | flow | 192.168.111.13 | 57550 | 52.229.164.28 | 443 | TCP | pcapanalyzer
19 | 2019-08-30T08:09:21.670308-0700 | 569344015796259 | flow | 74.125.200.188 | 5228 | 192.168.111.16 | 55790 | TCP | pcapanalyzer
20 | 2019-08-30T08:09:21.670308-0700 | 288285649713338 | flow | 157.240.8.53 | 443 | 192.168.111.24 | 64842 | TCP | pcapanalyzer
File (14)
Showing 1-14 of 14 items.
# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2019-08-30T08:07:41.450218-0700 | 192.168.111.12 | 192.168.111.13 | /spotifyzc | ASCII text, with very long lines, with no line terminators | 572
2 | 2019-08-30T08:07:40.525611-0700 | 192.168.111.12 | 192.168.111.13 | /spotifyzc | ASCII text, with very long lines, with no line terminators | 572
3 | 2019-08-30T08:08:16.659961-0700 | 192.168.111.22 | 203.205.143.153 | /mmtls/77ea909e | data | 454
4 | 2019-08-30T08:08:16.674033-0700 | 203.205.143.153 | 192.168.111.22 | /mmtls/77ea909e | data | 244
5 | 2019-08-30T08:08:20.057354-0700 | 192.168.111.12 | 192.168.111.13 | /spotifyzc | ASCII text, with very long lines, with no line terminators | 572
6 | 2019-08-30T08:08:20.712051-0700 | 192.168.111.12 | 192.168.111.13 | /spotifyzc | ASCII text, with very long lines, with no line terminators | 572
7 | 2019-08-30T08:08:41.349050-0700 | 192.168.111.12 | 192.168.111.13 | /spotifyzc | ASCII text, with very long lines, with no line terminators | 572
8 | 2019-08-30T08:08:42.577600-0700 | 192.168.111.12 | 192.168.111.13 | /spotifyzc | ASCII text, with very long lines, with no line terminators | 572
9 | 2019-08-30T08:08:53.051729-0700 | 192.168.111.13 | 203.205.255.191 | /kvcollect | ASCII text, with very long lines, with no line terminators | 470
10 | 2019-08-30T08:08:53.055418-0700 | 203.205.255.191 | 192.168.111.13 | /kvcollect | ASCII text, with no line terminators | 2
11 | 2019-08-30T08:09:18.940978-0700 | 52.217.37.20 | 192.168.111.23 | /kindle-wifi/wifistub.html | HTML document, ASCII text, with CRLF line terminators | 419
12 | 2019-08-30T08:08:21.073338-0700 | 192.168.111.12 | 192.168.111.13 | /spotifyzc | ASCII text, with very long lines, with no line terminators | 572
13 | 2019-08-30T08:08:23.533394-0700 | 192.168.111.12 | 192.168.111.13 | /spotifyzc | ASCII text, with very long lines, with no line terminators | 572
14 | 2019-08-30T08:08:56.608748-0700 | 192.168.111.12 | 192.168.111.13 | /spotifyzc | ASCII text, with very long lines, with no line terminators | 572

Comments: (not set)
