Exercise6_User2.pcap

MD5: e12a910bb97270bc9b86bc45e2d23fd2
Submission Date: 2019-09-11 02:41:54
Tags: (not set)
Alert (15)
Showing 1-15 of 15 items.

# | Timestamp | Src Ip | Dest Ip | Alert Signature
1 | 2017-04-20T16:21:34.734313-0700 | 185.165.29.36 | 10.1.6.132 | ET POLICY Suspicious EXE Download Content-Type image/jpeg
2 | 2017-04-20T16:21:34.734313-0700 | 185.165.29.36 | 10.1.6.132 | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
3 | 2017-04-20T16:21:34.734313-0700 | 185.165.29.36 | 10.1.6.132 | ET INFO SUSPICIOUS Dotted Quad Host MZ Response
4 | 2017-04-20T16:21:43.954383-0700 | 10.1.6.132 | 78.47.139.102 | ET POLICY External IP Check myexternalip.com
5 | 2017-04-20T16:21:50.927593-0700 | 86.59.21.38 | 10.1.6.132 | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 640
6 | 2017-04-20T16:21:52.677818-0700 | 93.115.97.242 | 10.1.6.132 | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 685
7 | 2017-04-20T16:21:52.979827-0700 | 93.115.97.242 | 10.1.6.132 | ET POLICY TLS possible TOR SSL traffic
8 | 2017-04-20T16:21:56.848813-0700 | 217.79.179.177 | 10.1.6.132 | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 358
9 | 2017-04-20T16:21:57.127690-0700 | 217.79.179.177 | 10.1.6.132 | ET POLICY TLS possible TOR SSL traffic
10 | 2017-04-20T16:22:07.836003-0700 | 163.172.176.167 | 10.1.6.132 | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 176
11 | 2017-04-20T16:22:16.383292-0700 | 10.1.6.132 | 78.47.139.102 | ET POLICY External IP Check myexternalip.com
12 | 2017-04-20T16:22:18.364551-0700 | 10.1.6.132 | 78.47.139.102 | ET POLICY External IP Check myexternalip.com
13 | 2017-04-20T16:21:44.006972-0700 | 23.23.117.228 | 10.1.6.132 | ET POLICY Possible IP Check api.ipify.org
14 | 2017-04-20T16:21:45.901987-0700 | 208.83.223.34 | 10.1.6.132 | ET POLICY TLS possible TOR SSL traffic
15 | 2017-04-20T16:22:20.274710-0700 | 10.1.6.132 | 78.47.139.102 | ET POLICY External IP Check myexternalip.com
DNS (40)
Showing 1-20 of 40 items.

# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2017-04-20T16:16:05.781841-0700 | 10.1.6.132 | 8.8.8.8 | query | www.msftncsi.com | A | (not set)
2 | 2017-04-20T16:16:05.856582-0700 | 8.8.8.8 | 10.1.6.132 | answer | www.msftncsi.com | (not set) | (not set)
3 | 2017-04-20T16:16:03.036224-0700 | 10.1.6.132 | 8.8.8.8 | query | teredo.ipv6.microsoft.com | A | (not set)
4 | 2017-04-20T16:16:03.121139-0700 | 8.8.8.8 | 10.1.6.132 | answer | teredo.ipv6.microsoft.com | (not set) | (not set)
5 | 2017-04-20T16:16:03.521777-0700 | 10.1.6.132 | 8.8.8.8 | query | teredo.ipv6.microsoft.com | A | (not set)
6 | 2017-04-20T16:16:03.608067-0700 | 8.8.8.8 | 10.1.6.132 | answer | teredo.ipv6.microsoft.com | (not set) | (not set)
7 | 2017-04-20T16:20:19.133999-0700 | 10.1.6.132 | 8.8.8.8 | query | www.bing.com | A | (not set)
8 | 2017-04-20T16:20:19.134249-0700 | 10.1.6.132 | 8.8.8.8 | query | www.bing.com | A | (not set)
9 | 2017-04-20T16:20:19.162387-0700 | 8.8.8.8 | 10.1.6.132 | answer | www.bing.com | (not set) | (not set)
10 | 2017-04-20T16:20:19.162915-0700 | 8.8.8.8 | 10.1.6.132 | answer | www.bing.com | (not set) | (not set)
11 | 2017-04-20T16:20:39.189032-0700 | 10.1.6.132 | 8.8.8.8 | query | ssl.gstatic.com | A | (not set)
12 | 2017-04-20T16:20:39.219755-0700 | 8.8.8.8 | 10.1.6.132 | answer | ssl.gstatic.com | (not set) | (not set)
13 | 2017-04-20T16:20:19.133502-0700 | 10.1.6.132 | 8.8.8.8 | query | api.bing.com | A | (not set)
14 | 2017-04-20T16:20:19.134499-0700 | 10.1.6.132 | 8.8.8.8 | query | www.bing.com | A | (not set)
15 | 2017-04-20T16:20:19.153016-0700 | 8.8.8.8 | 10.1.6.132 | answer | api.bing.com | (not set) | (not set)
16 | 2017-04-20T16:20:19.162936-0700 | 8.8.8.8 | 10.1.6.132 | answer | www.bing.com | (not set) | (not set)
17 | 2017-04-20T16:20:19.133749-0700 | 10.1.6.132 | 8.8.8.8 | query | api.bing.com | A | (not set)
18 | 2017-04-20T16:20:19.134017-0700 | 10.1.6.132 | 8.8.8.8 | query | www.bing.com | A | (not set)
19 | 2017-04-20T16:20:19.162948-0700 | 8.8.8.8 | 10.1.6.132 | answer | api.bing.com | (not set) | (not set)
20 | 2017-04-20T16:20:19.163168-0700 | 8.8.8.8 | 10.1.6.132 | answer | www.bing.com | (not set) | (not set)
TLS (19)
Showing 1-19 of 19 items.

# | Timestamp | Source IP | Destination IP | TLS Version | Issuer
1 | 2017-04-20T16:20:39.266229-0700 | 10.1.6.132 | 172.217.9.3 | TLS 1.2 | C=US, O=Google Inc, CN=Google Internet Authority G2
2 | 2017-04-20T16:20:39.266492-0700 | 10.1.6.132 | 172.217.9.3 | TLS 1.2 | C=US, O=Google Inc, CN=Google Internet Authority G2
3 | 2017-04-20T16:20:39.554066-0700 | 10.1.6.132 | 172.217.2.227 | TLS 1.2 | C=US, O=Google Inc, CN=Google Internet Authority G2
4 | 2017-04-20T16:20:39.555121-0700 | 10.1.6.132 | 172.217.2.227 | TLS 1.2 | C=US, O=Google Inc, CN=Google Internet Authority G2
5 | 2017-04-20T16:20:39.779518-0700 | 10.1.6.132 | 172.217.2.238 | TLS 1.2 | C=US, O=Google Inc, CN=Google Internet Authority G2
6 | 2017-04-20T16:20:39.787874-0700 | 10.1.6.132 | 172.217.2.238 | TLS 1.2 | C=US, O=Google Inc, CN=Google Internet Authority G2
7 | 2017-04-20T16:20:39.964179-0700 | 10.1.6.132 | 216.58.194.68 | TLS 1.2 | (not set)
8 | 2017-04-20T16:20:45.316476-0700 | 10.1.6.132 | 72.21.81.200 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2
9 | 2017-04-20T16:20:38.819480-0700 | 10.1.6.132 | 216.58.194.68 | TLS 1.2 | C=US, O=Google Inc, CN=Google Internet Authority G2
10 | 2017-04-20T16:20:39.167461-0700 | 10.1.6.132 | 216.58.194.68 | TLS 1.2 | (not set)
11 | 2017-04-20T16:20:45.317713-0700 | 10.1.6.132 | 72.21.81.200 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2
12 | 2017-04-20T16:21:15.220428-0700 | 10.1.6.132 | 72.21.81.200 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2
13 | 2017-04-20T16:20:45.316975-0700 | 10.1.6.132 | 72.21.81.200 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2
14 | 2017-04-20T16:21:51.115027-0700 | 10.1.6.132 | 86.59.21.38 | TLSv1 | CN=www.h44haqorsut.com
15 | 2017-04-20T16:21:52.844781-0700 | 10.1.6.132 | 93.115.97.242 | TLSv1 | CN=www.bq3fkbei.com
16 | 2017-04-20T16:21:56.991411-0700 | 10.1.6.132 | 217.79.179.177 | TLSv1 | CN=www.64xrjoy6wv2bm.com
17 | 2017-04-20T16:22:07.993053-0700 | 10.1.6.132 | 163.172.176.167 | TLSv1 | CN=www.yxic2vzvrfu5p.com
18 | 2017-04-20T16:21:43.918689-0700 | 10.1.6.132 | 23.23.117.228 | TLSv1 | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
19 | 2017-04-20T16:21:45.839084-0700 | 10.1.6.132 | 208.83.223.34 | TLSv1 | CN=www.ejrcrvcsw7rc67xwa.com
TFTP (0)

# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP (10)
Showing 1-10 of 10 items.

# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2017-04-20T16:16:05.921994-0700 | 10.1.6.132 | www.msftncsi.com | 80 | GET | /ncsi.txt | 200
2 | 2017-04-20T16:20:20.313427-0700 | 10.1.6.132 | www.bing.com | 80 | GET | /favicon.ico | 200
3 | 2017-04-20T16:20:38.398422-0700 | 10.1.6.132 | api.bing.com | 80 | GET | /qsml.aspx?query=http%3A%2F%2Fwww.google.com%2F&maxwidth=32765&rowheight=26&sectionHeight=208&FORM=IESS02&market=en-US | 200
4 | 2017-04-20T16:20:38.502219-0700 | 10.1.6.132 | api.bing.com | 80 | GET | /qsml.aspx?query=http%3A%2F%2Fwww.google.com%2F&maxwidth=32765&rowheight=26&sectionHeight=208&FORM=IESS02&market=en-US | 200
5 | 2017-04-20T16:20:38.740147-0700 | 10.1.6.132 | www.google.com | 80 | GET | / | 302
6 | 2017-04-20T16:21:43.954383-0700 | 10.1.6.132 | myexternalip.com | 80 | GET | /raw | 200
7 | 2017-04-20T16:22:16.383292-0700 | 10.1.6.132 | myexternalip.com | 80 | GET | /raw | 200
8 | 2017-04-20T16:22:18.364551-0700 | 10.1.6.132 | myexternalip.com | 80 | GET | /raw | 200
9 | 2017-04-20T16:21:37.397171-0700 | 10.1.6.132 | 185.165.29.36 | 80 | GET | /trolls.jpg | 200
10 | 2017-04-20T16:22:20.274710-0700 | 10.1.6.132 | myexternalip.com | 80 | GET | /raw | (not set)
SMB (0)

# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.

SMTP (0)

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (63)
Showing 1-20 of 63 items.

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2017-04-20T16:20:45.399009-0700 | 706531804415783 | flow | 10.1.6.132 | 60718 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
2 | 2017-04-20T16:20:45.399009-0700 | 712559790526535 | flow | 10.1.6.132 | 55260 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
3 | 2017-04-20T16:20:45.399009-0700 | 1982199368064580 | flow | 10.1.6.132 | 49157 | 23.215.99.33 | 80 | TCP | pcapanalyzer
4 | 2017-04-20T16:20:45.399009-0700 | 1448665645561146 | flow | 10.1.6.132 | 61569 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
5 | 2017-04-20T16:20:45.399009-0700 | 325733561062657 | flow | 10.1.6.132 | 53975 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
6 | 2017-04-20T16:20:45.399009-0700 | 748714825907536 | flow | 10.1.6.132 | 64316 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
7 | 2017-04-20T16:20:45.399009-0700 | 532014397934696 | flow | 10.1.6.132 | 60800 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
8 | 2017-04-20T16:20:45.399009-0700 | 539113978547582 | flow | 10.1.6.132 | 49759 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
9 | 2017-04-20T16:20:45.399009-0700 | 1243630349299501 | flow | 10.1.6.132 | 56036 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
10 | 2017-04-20T16:20:45.399009-0700 | 1949375080646337 | flow | 10.1.6.132 | 63057 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
11 | 2017-04-20T16:20:45.399009-0700 | 545861372414536 | flow | 10.1.6.132 | 64846 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
12 | 2017-04-20T16:21:35.938744-0700 | 1973285163494929 | flow | 10.1.6.132 | 61392 | 8.8.8.8 | 53 | UDP | pcapanalyzer
13 | 2017-04-20T16:21:35.938744-0700 | 1453518958601342 | flow | 10.1.6.132 | 68 | 255.255.255.255 | 67 | UDP | pcapanalyzer
14 | 2017-04-20T16:21:35.938744-0700 | 1613053388183429 | flow | 10.1.6.132 | 53597 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
15 | 2017-04-20T16:21:35.938744-0700 | 909962929718780 | flow | 10.1.6.132 | 137 | 10.1.6.255 | 137 | UDP | pcapanalyzer
16 | 2017-04-20T16:21:35.938744-0700 | 791855624332744 | flow | 10.1.6.1 | 67 | 10.1.6.132 | 68 | UDP | pcapanalyzer
17 | 2017-04-20T16:21:35.938744-0700 | 2070274114817408 | flow | 10.1.6.132 | 54384 | 8.8.8.8 | 53 | UDP | pcapanalyzer
18 | 2017-04-20T16:21:35.938744-0700 | 2103291675932209 | flow | 10.1.6.132 | 56236 | 8.8.8.8 | 53 | UDP | pcapanalyzer
19 | 2017-04-20T16:22:20.274710-0700 | 713105273570071 | flow | 10.1.6.132 | 49178 | 78.47.139.102 | 80 | TCP | pcapanalyzer
20 | 2017-04-20T16:22:20.274710-0700 | 996714850063992 | flow | 10.1.6.132 | 49185 | 217.79.179.177 | 9001 | TCP | pcapanalyzer
File (9)
Showing 1-9 of 9 items.

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2017-04-20T16:16:05.921994-0700 | 23.215.99.33 | 10.1.6.132 | /ncsi.txt | ASCII text, with no line terminators | 14
2 | 2017-04-20T16:20:20.313427-0700 | 204.79.197.200 | 10.1.6.132 | /favicon.ico | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | 300
3 | 2017-04-20T16:20:38.398422-0700 | 13.107.5.80 | 10.1.6.132 | /qsml.aspx | XML 1.0 document, ASCII text, with very long lines, with no line terminators | 567
4 | 2017-04-20T16:20:38.502219-0700 | 13.107.5.80 | 10.1.6.132 | /qsml.aspx | XML 1.0 document, ASCII text, with very long lines, with no line terminators | 567
5 | 2017-04-20T16:20:38.740147-0700 | 216.58.194.68 | 10.1.6.132 | / | HTML document, ASCII text, with CRLF, LF line terminators | 231
6 | 2017-04-20T16:21:43.954383-0700 | 78.47.139.102 | 10.1.6.132 | /raw | ASCII text | 16
7 | 2017-04-20T16:22:16.383292-0700 | 78.47.139.102 | 10.1.6.132 | /raw | ASCII text | 16
8 | 2017-04-20T16:22:18.364551-0700 | 78.47.139.102 | 10.1.6.132 | /raw | ASCII text | 16
9 | 2017-04-20T16:21:37.397171-0700 | 185.165.29.36 | 10.1.6.132 | /trolls.jpg | PE32 executable (GUI) Intel 80386, for MS Windows | 5218304

Comments: (not set)