exfil.pcap

MD5: 054c5bce88aec26d238ef3ea09601a04
Submission Date: 2018-11-04 01:17:17
Tags: (not set)

Alert (4)
Showing 1-4 of 4 items.
# | Timestamp | Src IP | Dest IP | Alert Signature
1 | 2018-10-31T23:05:20.018724-0700 | 192.168.29.133 | 192.99.200.113 | ET INFO [eSentire] Possible Kali Linux Updates
2 | 2018-10-31T23:05:20.018724-0700 | 192.168.29.133 | 192.99.200.113 | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management
3 | 2018-10-31T23:05:20.134406-0700 | 192.168.29.133 | 152.3.102.53 | ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management
4 | 2018-10-31T23:05:29.615669-0700 | 192.168.29.1 | 192.168.29.255 | ET POLICY Spotify P2P Client
DNS (810)
Showing 1-20 of 810 items.
# | Timestamp | Src IP | Dest IP | DNS Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2018-10-31T23:05:19.855778-0700 | 192.168.29.133 | 192.168.29.2 | query | _https._tcp.download.docker.com | SRV | (not set)
2 | 2018-10-31T23:05:19.858312-0700 | 192.168.29.2 | 192.168.29.133 | answer | _https._tcp.download.docker.com | SRV | (not set)
3 | 2018-10-31T23:05:19.858971-0700 | 192.168.29.133 | 192.168.29.2 | query | download.docker.com | A | (not set)
4 | 2018-10-31T23:05:19.859001-0700 | 192.168.29.133 | 192.168.29.2 | query | download.docker.com | AAAA | (not set)
5 | 2018-10-31T23:05:19.867001-0700 | 192.168.29.2 | 192.168.29.133 | answer | download.docker.com | A | (not set)
6 | 2018-10-31T23:05:19.870795-0700 | 192.168.29.2 | 192.168.29.133 | answer | download.docker.com | AAAA | (not set)
7 | 2018-10-31T23:05:19.855742-0700 | 192.168.29.133 | 192.168.29.2 | query | _http._tcp.http.kali.org | SRV | (not set)
8 | 2018-10-31T23:05:19.863533-0700 | 192.168.29.133 | 192.168.29.2 | query | http.kali.org | A | (not set)
9 | 2018-10-31T23:05:19.863563-0700 | 192.168.29.133 | 192.168.29.2 | query | http.kali.org | AAAA | (not set)
10 | 2018-10-31T23:05:19.870812-0700 | 192.168.29.2 | 192.168.29.133 | answer | http.kali.org | AAAA | (not set)
11 | 2018-10-31T23:05:19.880668-0700 | 192.168.29.2 | 192.168.29.133 | answer | http.kali.org | A | (not set)
12 | 2018-10-31T23:05:19.863232-0700 | 192.168.29.2 | 192.168.29.133 | answer | _http._tcp.http.kali.org | SRV | (not set)
13 | 2018-10-31T23:05:24.746665-0700 | 192.168.29.133 | 192.168.29.2 | query | xn--thibaud-dya.fr | A | (not set)
14 | 2018-10-31T23:05:24.746713-0700 | 192.168.29.133 | 192.168.29.2 | query | xn--thibaud-dya.fr | AAAA | (not set)
15 | 2018-10-31T23:05:24.749481-0700 | 192.168.29.2 | 192.168.29.133 | answer | xn--thibaud-dya.fr | A | (not set)
16 | 2018-10-31T23:05:24.752013-0700 | 192.168.29.2 | 192.168.29.133 | answer | xn--thibaud-dya.fr | AAAA | (not set)
17 | 2018-10-31T23:05:24.753182-0700 | 192.168.29.133 | 192.168.29.2 | query | xn--thibaud-dya.fr | A | (not set)
18 | 2018-10-31T23:05:24.753231-0700 | 192.168.29.133 | 192.168.29.2 | query | xn--thibaud-dya.fr | AAAA | (not set)
19 | 2018-10-31T23:05:24.756088-0700 | 192.168.29.2 | 192.168.29.133 | answer | xn--thibaud-dya.fr | A | (not set)
20 | 2018-10-31T23:05:24.756109-0700 | 192.168.29.2 | 192.168.29.133 | answer | xn--thibaud-dya.fr | AAAA | (not set)
TLS (92)
Showing 1-20 of 92 items.
# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2018-10-31T23:05:19.911873-0700 | 192.168.29.133 | 52.85.89.46 | TLS 1.2 | download.docker.com
2 | 2018-10-31T23:05:29.720514-0700 | 192.168.29.133 | 54.192.53.27 | TLS 1.2 | c.amazon-adsystem.com
3 | 2018-10-31T23:05:26.511657-0700 | 192.168.29.133 | 52.55.23.1 | TLS 1.2 | deviceinfo.capitalone.com
4 | 2018-10-31T23:05:26.606332-0700 | 192.168.29.133 | 54.175.113.97 | TLS 1.2 | nexus.ensighten.com
5 | 2018-10-31T23:05:31.570170-0700 | 192.168.29.133 | 104.112.43.206 | TLS 1.2 | s.pinimg.com
6 | 2018-10-31T23:05:32.834292-0700 | 192.168.29.133 | 100.24.91.252 | TLS 1.2 | dt.sfvwe.com
7 | 2018-10-31T23:05:32.835655-0700 | 192.168.29.133 | 100.24.91.252 | TLS 1.2 | dt.sfvwe.com
8 | 2018-10-31T23:05:32.836188-0700 | 192.168.29.133 | 100.24.91.252 | TLS 1.2 | dt.sfvwe.com
9 | 2018-10-31T23:05:32.926348-0700 | 192.168.29.133 | 100.24.91.252 | TLS 1.2 | dt.sfvwe.com
10 | 2018-10-31T23:05:29.270252-0700 | 192.168.29.133 | 72.21.91.66 | TLS 1.3 | platform.twitter.com
11 | 2018-10-31T23:05:32.447050-0700 | 192.168.29.133 | 104.112.43.206 | TLS 1.2 | s.pinimg.com
12 | 2018-10-31T23:05:33.005592-0700 | 192.168.29.133 | 100.24.91.252 | TLS 1.2 | dt.sfvwe.com
13 | 2018-10-31T23:05:33.006498-0700 | 192.168.29.133 | 100.24.91.252 | TLS 1.2 | dt.sfvwe.com
14 | 2018-10-31T23:05:32.926367-0700 | 192.168.29.133 | 100.24.91.252 | TLS 1.2 | dt.sfvwe.com
15 | 2018-10-31T23:05:32.928762-0700 | 192.168.29.133 | 100.24.91.252 | TLS 1.2 | dt.sfvwe.com
16 | 2018-10-31T23:05:33.005594-0700 | 192.168.29.133 | 100.24.91.252 | TLS 1.2 | dt.sfvwe.com
17 | 2018-10-31T23:05:26.354947-0700 | 192.168.29.133 | 54.175.113.97 | TLS 1.2 | nexus.ensighten.com
18 | 2018-10-31T23:05:27.026544-0700 | 192.168.29.133 | 66.235.144.46 | TLS 1.2 | smetrics.capitalone.com
19 | 2018-10-31T23:05:27.081234-0700 | 192.168.29.133 | 151.101.250.110 | TLS 1.2 | js-agent.newrelic.com
20 | 2018-10-31T23:05:28.444702-0700 | 192.168.29.133 | 52.20.137.104 | TLS 1.2 | d.agkn.com
TFTP (0)
# | Timestamp | Src IP | Dest IP | TFTP Packet | TFTP File | TFTP Mode
No results found.
HTTP (30)
Showing 1-20 of 30 items.
# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2018-10-31T23:05:24.977902-0700 | 192.168.29.133 | xn--thibaud-dya.fr | 80 | GET | /theme/css/pygment.css | 304
2 | 2018-10-31T23:05:25.001301-0700 | 192.168.29.133 | xn--thibaud-dya.fr | 80 | GET | /theme/css/style.css | 304
3 | 2018-10-31T23:05:25.250967-0700 | 192.168.29.133 | xn--thibaud-dya.fr | 80 | GET | /res/robots_txt_3.png | 304
4 | 2018-10-31T23:05:20.018724-0700 | 192.168.29.133 | http.kali.org | 80 | GET | /kali/dists/kali-rolling/InRelease | 302
5 | 2018-10-31T23:05:20.134406-0700 | 192.168.29.133 | archive.linux.duke.edu | 80 | GET | /kalilinux/kali/dists/kali-rolling/InRelease | 304
6 | 2018-10-31T23:05:32.933112-0700 | 192.168.29.133 | detectportal.firefox.com | 80 | GET | /success.txt | 200
7 | 2018-10-31T23:05:24.733287-0700 | 192.168.29.133 | xn--thibaud-dya.fr | 80 | GET | /robots.txt.html | 304
8 | 2018-10-31T23:05:32.979728-0700 | 192.168.29.133 | detectportal.firefox.com | 80 | GET | /success.txt | 200
9 | 2018-10-31T23:05:33.028263-0700 | 192.168.29.133 | detectportal.firefox.com | 80 | GET | /success.txt | 200
10 | 2018-10-31T23:05:33.046440-0700 | 192.168.29.133 | detectportal.firefox.com | 80 | GET | /success.txt | 200
11 | 2018-10-31T23:05:33.114612-0700 | 192.168.29.133 | detectportal.firefox.com | 80 | GET | /success.txt | 200
12 | 2018-10-31T23:05:33.176225-0700 | 192.168.29.133 | detectportal.firefox.com | 80 | GET | /success.txt | 200
13 | 2018-10-31T23:05:33.380338-0700 | 192.168.29.133 | detectportal.firefox.com | 80 | GET | /success.txt | 200
14 | 2018-10-31T23:05:33.489160-0700 | 192.168.29.133 | detectportal.firefox.com | 80 | GET | /success.txt | 200
15 | 2018-10-31T23:05:33.832581-0700 | 192.168.29.133 | detectportal.firefox.com | 80 | GET | /success.txt | 200
16 | 2018-10-31T23:05:33.896221-0700 | 192.168.29.133 | detectportal.firefox.com | 80 | GET | /success.txt | 200
17 | 2018-10-31T23:05:38.901025-0700 | 192.168.29.133 | lgms.nl | 80 | GET | /style.css | 304
18 | 2018-10-31T23:05:34.812362-0700 | 192.168.29.133 | detectportal.firefox.com | 80 | GET | /success.txt | 200
19 | 2018-10-31T23:05:39.325065-0700 | 192.168.29.133 | lgms.nl | 80 | GET | /patternbg.png | 200
20 | 2018-10-31T23:05:36.829444-0700 | 192.168.29.133 | detectportal.firefox.com | 80 | GET | /success.txt | 200
SMB (0)
# | Timestamp | Src IP | Dest IP | SMB Dialect | Command | Session | Tree
No results found.
SMTP (0)
# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (473)
Showing 1-20 of 473 items.
# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2018-10-31T23:06:10.335131-0700 | 1050515656870 | flow | 192.168.29.133 | 42084 | 72.21.91.29 | 80 | TCP | pcapanalyzer
2 | 2018-10-31T23:06:10.335131-0700 | 2112344770266291 | flow | 192.168.29.133 | 33041 | 192.168.29.2 | 53 | UDP | pcapanalyzer
3 | 2018-10-31T23:06:10.335131-0700 | 986590892110352 | flow | 192.168.29.133 | 36754 | 192.168.29.2 | 53 | UDP | pcapanalyzer
4 | 2018-10-31T23:06:10.335131-0700 | 564447147536098 | flow | 192.168.29.133 | 49572 | 18.191.10.239 | 443 | TCP | pcapanalyzer
5 | 2018-10-31T23:06:10.335131-0700 | 846119693256593 | flow | 192.168.29.133 | 58093 | 192.168.29.2 | 53 | UDP | pcapanalyzer
6 | 2018-10-31T23:06:10.335131-0700 | 987003209171396 | flow | 192.168.29.133 | 57910 | 100.24.91.252 | 443 | TCP | pcapanalyzer
7 | 2018-10-31T23:06:10.335131-0700 | 846265719884418 | flow | 192.168.29.133 | 37588 | 34.206.91.7 | 443 | TCP | pcapanalyzer
8 | 2018-10-31T23:06:10.335131-0700 | 564825102829458 | flow | 192.168.29.133 | 41238 | 23.50.229.102 | 443 | TCP | pcapanalyzer
9 | 2018-10-31T23:06:10.335131-0700 | 1831879112253287 | flow | 192.168.29.133 | 43479 | 192.168.29.2 | 53 | UDP | pcapanalyzer
10 | 2018-10-31T23:06:10.335131-0700 | 706017858685663 | flow | 192.168.29.133 | 57922 | 100.24.91.252 | 443 | TCP | pcapanalyzer
11 | 2018-10-31T23:06:10.335131-0700 | 1832059499068098 | flow | 192.168.29.133 | 53443 | 192.168.29.2 | 53 | UDP | pcapanalyzer
12 | 2018-10-31T23:06:10.335131-0700 | 1550721962414130 | flow | 192.168.29.133 | 33358 | 35.186.194.58 | 443 | TCP | pcapanalyzer
13 | 2018-10-31T23:06:10.335131-0700 | 1973058980314654 | flow | 192.168.29.133 | 34932 | 192.168.29.2 | 53 | UDP | pcapanalyzer
14 | 2018-10-31T23:06:10.335131-0700 | 1973101932299200 | flow | 192.168.29.133 | 48832 | 80.100.131.150 | 80 | TCP | pcapanalyzer
15 | 2018-10-31T23:06:10.335131-0700 | 1832970033078267 | flow | 192.168.29.133 | 43352 | 151.101.248.133 | 443 | TCP | pcapanalyzer
16 | 2018-10-31T23:06:10.335131-0700 | 1692404342769529 | flow | 192.168.29.133 | 44441 | 192.168.29.2 | 53 | UDP | pcapanalyzer
17 | 2018-10-31T23:06:10.335131-0700 | 1692404341871970 | flow | 192.168.29.133 | 33244 | 104.112.38.213 | 443 | TCP | pcapanalyzer
18 | 2018-10-31T23:06:10.335131-0700 | 566543089867611 | flow | 192.168.29.133 | 60528 | 192.168.29.2 | 53 | UDP | pcapanalyzer
19 | 2018-10-31T23:06:10.335131-0700 | 1974201442107834 | flow | 192.168.29.133 | 57920 | 100.24.91.252 | 443 | TCP | pcapanalyzer
20 | 2018-10-31T23:06:10.335131-0700 | 144807367339148 | flow | 192.168.29.133 | 54270 | 192.168.29.2 | 53 | UDP | pcapanalyzer
File (24)
Showing 1-20 of 24 items.
# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2018-10-31T23:05:20.018724-0700 | 192.99.200.113 | 192.168.29.133 | /kali/dists/kali-rolling/InRelease | HTML document, ASCII text | 336
2 | 2018-10-31T23:05:32.933112-0700 | 65.222.200.168 | 192.168.29.133 | /success.txt | ASCII text | 8
3 | 2018-10-31T23:05:32.979728-0700 | 65.222.200.168 | 192.168.29.133 | /success.txt | ASCII text | 8
4 | 2018-10-31T23:05:33.028263-0700 | 65.222.200.168 | 192.168.29.133 | /success.txt | ASCII text | 8
5 | 2018-10-31T23:05:33.046440-0700 | 65.222.200.168 | 192.168.29.133 | /success.txt | ASCII text | 8
6 | 2018-10-31T23:05:33.114612-0700 | 65.222.200.168 | 192.168.29.133 | /success.txt | ASCII text | 8
7 | 2018-10-31T23:05:33.176225-0700 | 65.222.200.168 | 192.168.29.133 | /success.txt | ASCII text | 8
8 | 2018-10-31T23:05:33.380338-0700 | 65.222.200.168 | 192.168.29.133 | /success.txt | ASCII text | 8
9 | 2018-10-31T23:05:33.489160-0700 | 65.222.200.168 | 192.168.29.133 | /success.txt | ASCII text | 8
10 | 2018-10-31T23:05:33.832581-0700 | 65.222.200.168 | 192.168.29.133 | /success.txt | ASCII text | 8
11 | 2018-10-31T23:05:33.896221-0700 | 65.222.200.168 | 192.168.29.133 | /success.txt | ASCII text | 8
12 | 2018-10-31T23:05:39.325065-0700 | 80.100.131.150 | 192.168.29.133 | /patternbg.png | PNG image data, 1200 x 1200, 4-bit colormap, non-interlaced | 33702
13 | 2018-10-31T23:05:34.812362-0700 | 65.222.200.168 | 192.168.29.133 | /success.txt | ASCII text | 8
14 | 2018-10-31T23:05:36.829444-0700 | 65.222.200.168 | 192.168.29.133 | /success.txt | ASCII text | 8
15 | 2018-10-31T23:05:37.604528-0700 | 65.222.200.168 | 192.168.29.133 | /success.txt | ASCII text | 8
16 | 2018-10-31T23:05:38.784997-0700 | 80.100.131.150 | 192.168.29.133 | /blog-10 | HTML document, ASCII text, with very long lines, with CRLF, LF line terminators | 11698
17 | 2018-10-31T23:05:40.825902-0700 | 65.222.200.168 | 192.168.29.133 | /success.txt | ASCII text | 8
18 | 2018-10-31T23:05:43.443989-0700 | 65.222.200.168 | 192.168.29.133 | /success.txt | ASCII text | 8
19 | 2018-10-31T23:06:01.211883-0700 | 80.100.131.150 | 192.168.29.133 | / | HTML document, ASCII text, with CRLF line terminators | 874
20 | 2018-10-31T23:06:02.340223-0700 | 80.100.131.150 | 192.168.29.133 | /blog | HTML document, ASCII text, with very long lines, with CRLF line terminators | 1054
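Added example, not part of the analyzer output above: a small Python triage pass over rows in the shape of the TLS and HTTP tables. It decodes the punycode hostname (xn--thibaud-dya.fr) to its display form, groups TLS handshakes per SNI to surface the burst of connections to dt.sfvwe.com (seven handshakes to 100.24.91.252 within a fraction of a second), and lists hosts fetched over plain HTTP with the Firefox captive-portal probe (detectportal.firefox.com, the repeated 8-byte /success.txt above) filtered out. The sample rows are constructed from values visible in the tables; the burst thresholds and the ignore list are assumptions chosen for illustration, not analyzer settings.

```python
"""Triage helper for pcap-analyzer TLS/HTTP rows (added example, not part of the page).

Sample rows are constructed from values in the tables above; the thresholds
and the captive-portal ignore list are assumptions for illustration.
"""
from datetime import datetime

# The analyzer's timestamp format, e.g. 2018-10-31T23:05:19.911873-0700
TS_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"

# Constructed sample (timestamp, src, dst, tls_version, sni), copied from the TLS table.
TLS_ROWS = [
    ("2018-10-31T23:05:19.911873-0700", "192.168.29.133", "52.85.89.46",   "TLS 1.2", "download.docker.com"),
    ("2018-10-31T23:05:29.270252-0700", "192.168.29.133", "72.21.91.66",   "TLS 1.3", "platform.twitter.com"),
    ("2018-10-31T23:05:32.834292-0700", "192.168.29.133", "100.24.91.252", "TLS 1.2", "dt.sfvwe.com"),
    ("2018-10-31T23:05:32.835655-0700", "192.168.29.133", "100.24.91.252", "TLS 1.2", "dt.sfvwe.com"),
    ("2018-10-31T23:05:32.836188-0700", "192.168.29.133", "100.24.91.252", "TLS 1.2", "dt.sfvwe.com"),
    ("2018-10-31T23:05:32.926348-0700", "192.168.29.133", "100.24.91.252", "TLS 1.2", "dt.sfvwe.com"),
]

# Constructed sample (timestamp, src, hostname, port, method, url, status), copied from the HTTP table.
HTTP_ROWS = [
    ("2018-10-31T23:05:20.018724-0700", "192.168.29.133", "http.kali.org", 80, "GET", "/kali/dists/kali-rolling/InRelease", 302),
    ("2018-10-31T23:05:24.733287-0700", "192.168.29.133", "xn--thibaud-dya.fr", 80, "GET", "/robots.txt.html", 304),
    ("2018-10-31T23:05:32.933112-0700", "192.168.29.133", "detectportal.firefox.com", 80, "GET", "/success.txt", 200),
    ("2018-10-31T23:05:32.979728-0700", "192.168.29.133", "detectportal.firefox.com", 80, "GET", "/success.txt", 200),
]


def parse_ts(ts):
    """Parse the analyzer's timestamp into a timezone-aware datetime."""
    return datetime.strptime(ts, TS_FMT)


def decode_idn(host):
    """Unicode form of an IDNA host name (punycode labels decoded); plain ASCII names pass through."""
    return host.encode("ascii").decode("idna")


def summarize_tls(rows):
    """Per-SNI summary: handshake count, distinct server IPs, TLS versions, first/last seen."""
    by_sni = {}
    for ts, _src, dst, version, sni in rows:
        t = parse_ts(ts)
        e = by_sni.setdefault(sni, {"count": 0, "dests": set(), "versions": set(), "first": t, "last": t})
        e["count"] += 1
        e["dests"].add(dst)
        e["versions"].add(version)
        e["first"] = min(e["first"], t)
        e["last"] = max(e["last"], t)
    return by_sni


def burst_hosts(summary, min_count=3, window_s=1.0):
    """SNIs with at least min_count handshakes inside window_s seconds (thresholds are assumptions)."""
    return sorted(sni for sni, e in summary.items()
                  if e["count"] >= min_count
                  and (e["last"] - e["first"]).total_seconds() <= window_s)


def idn_hosts(rows):
    """HTTP hostnames carrying punycode labels, mapped to their decoded display form."""
    found = {}
    for _ts, _src, host, *_rest in rows:
        if any(label.startswith("xn--") for label in host.lower().split(".")):
            found[host] = decode_idn(host)
    return found


def plaintext_hosts(rows, ignore=("detectportal.firefox.com",)):
    """Hosts fetched over plain HTTP (port 80), minus known captive-portal probes (ignore list is an assumption)."""
    return sorted({host for _ts, _src, host, port, *_rest in rows if port == 80 and host not in ignore})


if __name__ == "__main__":
    summary = summarize_tls(TLS_ROWS)
    for sni, e in sorted(summary.items()):
        print(f"{sni}: {e['count']} handshake(s) to {sorted(e['dests'])} using {sorted(e['versions'])}")
    print("burst:", burst_hosts(summary))
    print("idn:", idn_hosts(HTTP_ROWS))
    print("plaintext:", plaintext_hosts(HTTP_ROWS))
```

The same timestamps tie the tables together: the 23:05:20.018724 entry appears in the Alert table (Possible Kali Linux Updates, APT User-Agent), the HTTP table (GET /kali/dists/kali-rolling/InRelease, 302) and the File table (336-byte HTML body from 192.99.200.113), so those alerts are the package-manager metadata fetch rather than anything needing escalation. The DNS rows record no resource data, so server IPs for a name have to be read from the TLS and File tables instead.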

Comments: (not set)
