3523 Lab 3 Spooky PCAP.pcap

MD5	184f20690bcc395012165cf4eb96dda7
Submission Date	2018-11-09 13:14:36
Tags

Alert 36

Showing 1-20 of 36 items.

Timestamp

Src Ip

Dest Ip

Alert Signature

2010-03-14T06:56:44.578927-0700

10.0.0.5

10.0.3.115

ET SCAN Possible Nmap User-Agent Observed

2010-03-14T06:56:44.579865-0700

10.0.0.5

10.0.3.115

ET SCAN Possible Nmap User-Agent Observed

2010-03-14T06:56:44.627637-0700

10.0.0.5

10.0.3.115

ET SCAN Possible Nmap User-Agent Observed

2010-03-14T06:56:44.670418-0700

10.0.0.5

10.0.3.115

ET SCAN Possible Nmap User-Agent Observed

2010-03-14T06:56:44.629234-0700

10.0.0.5

10.0.3.115

ET SCAN Possible Nmap User-Agent Observed

2010-03-14T06:57:42.090134-0700

10.0.3.249

10.0.3.12

ET DNS Query for .cc TLD

2010-03-14T06:57:42.090138-0700

10.0.3.249

10.0.3.12

ET DNS Query for .cc TLD

2010-03-14T06:57:42.090453-0700

10.0.3.12

10.0.3.1

ET DNS Query for .cc TLD

2010-03-14T06:57:42.090460-0700

10.0.3.12

10.0.3.1

ET DNS Query for .cc TLD

2010-03-14T06:57:33.994492-0700

10.0.3.249

10.0.3.12

ET INFO Observed DNS Query to .biz TLD

2010-03-14T06:57:33.994496-0700

10.0.3.249

10.0.3.12

ET INFO Observed DNS Query to .biz TLD

2010-03-14T06:57:33.994821-0700

10.0.3.12

10.0.3.1

ET INFO Observed DNS Query to .biz TLD

2010-03-14T06:57:33.994824-0700

10.0.3.12

10.0.3.1

ET INFO Observed DNS Query to .biz TLD

2010-03-14T07:08:35.751490-0700

10.0.3.249

91.189.88.46

ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management

2010-03-14T07:16:33.587347-0700

10.0.0.50

10.0.3.115

ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted

2010-03-14T07:16:44.072839-0700

10.0.0.50

10.0.3.115

ET POLICY Http Client Body contains pass= in cleartext

Timestamp	2010-03-14T07:16:33.112383-0700
Flow Id	1843498475139658
Source IP	10.0.0.50
Source Port	48850
Destination IP	10.0.3.115
Destination Port	80
Protocol	TCP
Alert Signature	ET SHELLCODE Rothenburg Shellcode
Alert Category	Executable Code was Detected
Alert Severity	1
Alert Gid	1
Alert Signature Id	2009247
Payload Printable	GET /tuner/TunerGuide.php3?userID=BUJ;uTOCol2XNAtg"w]5MmTsQ0v7'H7LOIiKI,{6ro]OgMq(L3_J7bSq;CTbZ2.bp;,7W9jaZVoY_[gxVxFV[Jm4HL~rvlow9tPpL[([ys1KW4z}u_6B89zPO\|$-.d6==3)yit!zuL@4y@kD,)W)9KThjI`,V.JGRj^6opJF=8b=JJXr$scPJ6i2'I3ZX$eab-mz7[yN>j"X,qnO0$)1]'P@}MLf)~L1jl"x<ax)~k-S~s1=Z@6u`ZUsZNk2<l......ujLY...t$.[.s..2..........Kf.GQ.2....^.KV0......`.2.......F.....N....t...YI.e0.......0...{..3k..z.2...jz..2...o...y5.t....Y....a......2...j.....j..J..2..2......k..f......R.o...2...A...Z...5Dl!........Z.9.2Dl.b...b.....fy.n......2<,.....e.{B..FLa.....Ff....Z.U..Dl.......FLX...d....s.f.0..r...2...2..=a^FL....d...0bq..n.Z.}<oGWzZFSF;Fs.6-}"8'{zCuVN~aqp!POwTQQefwHlMt>KBi~2kQPQwvnG.j~zE4zx))l`n`nRBV1<NR8u@l,eamZ2-7][nqIpsi}Ua}za@IkdB>EC[SiN\|^q=Df$TAzG`N<~-{DK,m-CT}IgQ`3OF(9h'VB<!O~RSo05<VhY'D0">)3IZH~@wY}MWKOcqxU=Eu0[k]p'eEVTV_@;WQ@jIVt=;_\|ZYn9k1>5MfEGh[HXQV6<7cL,rbgT[C$Ah0PR)fTL4~>V\|u,-WU3"N'"eI-gXwleknc(0V`IRy^x-j[GM<Mg7~TY3rsHCdOWk).HK_CDA=77~H!iL[Pqh'.iIE!^8IGveI@hYlYd<K(RUURt~Aw<(o868f]^a,dEQ50y=soR~gn=kJzG2(=MCCeZ.X8ki\|=Z\|cEq]0k_oX]YN2H~iSt@,`eN=.k<P;58{EU2aUGTIthnkkU1[fOVNymQV_`lOKF<GL9{Hda{qE2uAwpeKXR6q9Y`Za1tWlDM1JC==Y}yDL_[3I6xu(MxLEELMG,xNWRh0AUkC'2tq98iK@vSp(v!9swJ4t!.POwZ;P}{^,VGJIL\|>oi;2K`@lKc2GzY>35frTjSF~Abk@`arD6-p`7cndfOq>$qsNqOHG;)q}1I['W\|k43}Jm,_5.SO}K1yY@HF;H,Fm.kQUm1qMn3TEL(c~r2.Ziu6djjb9qjDAQ[IPR~],t38(4l9N^g4IAU}izVD)rrRIhaw4hLqlncFyZS9<$pv<$!Ic$.NpJ.D42M_tX>1CKore5=U\|0mQ.f1eVPHA.r@nlYh$`6<OL3k]hzQ@_q]7D}ABn)j"8!>T9,~1RtUW{h_cc]6RTfj(ht)3_kkpH"-5)gRGva5jsXp~SqhGJmJk(S^Vi_wR44PJr[]=mPJ[Ds^=gXSB6VyM<eqOe\|D)(lfdX}@_RA1WC8SU.4z3LuWdxoVxR~z8FDQGB32CIXj92ScgCDX41e{o.`0hxnrmmNWNiaDyNat4CJ;v".kagW!FJFnBDyU100hj6fjt}Nblx(@@5_MLF[tSy};m'rZP508`20$ej{c\|eq3bCe4>}G_tQ;yET,"eC3{1tEFMNf6!FNv^1Jdtb.T93d6`AV{Xk6<`ojwx.EK'I~-'1G'xRZC2;2iZ\|wo8c2pBP}7>sB[b;~4@1e886C0CAT>@)mP3aGEPH,TR5F"fG,ZS`$X}.41^3>@qQu^fbwNs!Jtyujcvd>A}kaXhV0,RV~{`gN@4jwxyKYYXHHEV>rOiH!@mZmlrN[~"odr2QyN,P1K.@lG['X$;8=D;k;cB}CF,ui9!wi76K0GV-LKuGMw@emBukotGur_k]7vXHd"_Mq07Eh!}3.Qsqf"5jwwuvDL'89b0gJEtY(5}oyaLyI$RmNGfsBz{w3VXW34DbIrz12>xudu"ITS`d2Ai$W(DEfIpB~;yqmNwVH7Yab5vY',q=Ss39gYhA_D=R;y)jZ-AIdgZ<";0tvdD5]MJHxXB!G$><zR5zJ5tIB[AdWVXQR~44E0O'2wS]MK'aeN3..kbR_Qr(l6'OU'=3ayPxvnkXzJa)-m,e6t5i@G2`YQ-{u)>ecpr@R,-C6Fn{Xnvb}X.G~R>`L8SH'kNl9K3$D`n3DKZ[VbEo0Mn}}'eeUvwp;7bPlZ]74IzayQINZ(>}}kuiP,]DvwuPK}eE`~u.Im=35bzfS8JJTl_<,1rS)87ceHeA3>(`4,W8ekJ'vf}zZVmICt]]ArTxZsO"kr"Ci^UHy-VI~J]C=mDm^IRps`Z";e'98xn}no4d37$P^8GfkPTFnSJIjXpHUy4D^FO3QAm<)57"Iq)4(HZHv]D{yxjZN2FAOA4c9QZEZ0Y\|XNP7jPROX`V6rGEDLBBZgXXwkshN9Em}UY'bVok-;KVsE.eA!JaJ_<}3W=;XabbXt1t@1LU[(\|DhEe3qUZmGHAIj.Y[9IrrcI^1IXI_EY]4`Zm^T@li$cOB9zve'610S5q!6^tlur6BX}1i"SE{2s[ZgQBOI74Xe![8eniFhO$,^sJ(T1<..=6kttjoZJQyNE8N@=m"R$.~"DY.Oy-mW.lN!4roa[V8fE({Y8}'2YQ3}2h0E'jw\|!e{]@ZNP5T'aOx`IoH$BH>4QKl1okGv<O{]8L(G9]ar6}cTMFJE7'hVwoMo]K(a"JdXw,`]\|F^[98W3>JA^{mPl,5-,0BLRk4d,wcBdRgNao5SjFm-\|0E"b.C[w9vu7s})C_KE.v.>wk"O)^[.@izE^T'eSP

2010-03-14T07:16:33.112383-0700

10.0.0.50

10.0.3.115

ET SHELLCODE Rothenburg Shellcode

2010-03-14T07:16:44.068147-0700

10.0.0.50

10.0.3.115

ET POLICY Http Client Body contains pass= in cleartext

Timestamp	2010-03-14T07:17:06.972105-0700
Flow Id	1721718974631178
Source IP	10.0.0.50
Source Port	59270
Destination IP	10.0.3.115
Destination Port	80
Protocol	TCP
Alert Signature	ET SHELLCODE Rothenburg Shellcode
Alert Category	Executable Code was Detected
Alert Severity	1
Alert Gid	1
Alert Signature Id	2009247
Payload Printable	GET /OvCgi/Main/Snmp.exe HTTP/1.1 Host: 10.0.3.115 Content-Type: application/x-www-form-urlencoded Content-Length: 5819 Host=&Oid=VSEVLIKMIBYKBZMLXTQDFABIVORRTALBYNUEIETAVBSVWBAROSYVOJVOITDIHYINUMSPEVDWLPVDHVCFLZFQNCOMRGSIEVSXFTIPMHPTLIPYVKCWQVPPIOQTLPBVZHVLPUQZQWOEFKVMULIYLPRJTRMYXJDTOIYLYZSFKLGJTGGFGMJFMUXMBJLSLUNDLHXIJKQKRKDFTAZVZDJVQOATJKASGQXJSTSCNIZEHKBNCKZFLJVYHQZOSSOGPZRVXOVLKEBWNJQNOVCTXYLOPMIEIDVEXDYNHZIXTUEKCUXBQHGEFZNBGAJUGKFKANMQZNFNBRJFFHYGDGONHCSHOYTHQVJMNANSWNMRYDWDVVAVAZWMDHWYPRVUIUUAYVMIPZWSJCCUGVWOPCMUSHZRSVYYNDXEMMIRMHTRPNCDZKGJFGCSNKSBHSINFPCTDHPTVFEHLGNKSIJTDZQHVVHRXDVZAJQFOGOYIEUNOZFAZYMGEQPINZQOEWSCCEPKFVBBFZYMSMSJHRHTMCAMBYOBIRTSHPIUXSTZBCVKBIHUXQKBXMHRHKWBQSSTFHCJDLNIOIJVJYCLMLIRHZDUGVEJTVQNECJMGUVZBYDMKPLMASLDZZHKYAIXQFZLASQJKNBAATDDNIHPZKGGBKQFZRVHRVEKGLXREFZWHFYFNNALAZGERNVGZXGGFSAGJJFSGOAMSTFAQEVYLQXOQRDZNVAJXIZMDFAWPNBTXECSPCAVIWYBAKARNGAQXBKACHYGHPKDRXAIMBHJWVMBSQOZUZDJSGLLNYQMAKSNTRDJLTQVSRQGADZQEDGYNLEMDZZQPBVOLEIAZVYJFWBAQUBQOKMKEQJSGFSAJZZQCEBVNKRMYLFDZRYGCMPPPNSKFVTLYZBHVXRBTVPCOZHNDEZMQSETEYXUFZZPTLLKIDKSSGAONLIAEWKVUKBRXEGHKHZJGHMTEWWKLXTEGZKLMLWOJKYSPFLURYKGUXRICCVQWKOGMYRFIHJRQBZOHLAWDXJGWLDQHOQFJPDIPBHVELOLJZQWUOKFHUAYQYBLXZGQZLGMUREJQTMYDVQDOBUQHCDDAOXKACVTXJXUWSBHFUQZTLWMOXWTXNMUNGHDJSXRSMEXQVUKWHTXZKGWZOYCAQBSBKTINDJCZYUMPSDWTMOBDNDEQUVOVSSCCXPYLCIZKEFQZQWXSZMRBCTXRFFUHFCAVWFWLFZTMVVZHWDKOTSUAYGWCFEDWBJROOLYXAIXYVGUSVWGHPJCNIPCJQZHCMESSESUGFIQLLSZBXVINJNKQQZABSHJCLDWGKSVHPNQQFZTXAUUYGRLOXNKXKGCDSPEMUTTXPTWCINUHBVLFFUUSGMEMANTYJKSEIKTQXYCEYCMGMAQKXILDJHZPLATRRBJARFOGTMIHUQRFBRZUOQIFCDMDAJEJIELJWNILSNQCAWXOWEEWQVAUMDKUKFSIDHFMZLLPEBJYTVLEFYFDHSAZTTSZIBREQCOCIKMVAFQRAJIFDDSKDHCITBRGFWFTUBQXTTWSZGHSFQNZPRRWICGXVXXMQPHVDQXSWKCUMSOKIFKKKWLNBQCMUYRNGWKHBJSWCHEAVBVWDSGFMIFEOHAEVALXUMWEZJGPZOXEZHEMOGTTEKVOMKUPTMHBEPXEUMOVICWJFZNTAZAMUKNOBCDRJZTWMNYBRVZXCPOWDAAXOAZPZERUTFGQBKMKCWMZJDRASEXEXQJPAZCJDVMTESFUOFIHBDRPOSGXUABVCTMHJGVZEVCPIHJPNDJLQRMBLMDBVNCYTNVIZFZVYEQSSHYVTTVOLYYYCTQFHMOSYOGEGUBQKJVSUWIHHKPLLYTYGFXXJTLPPVSNEEXBVWEUCMBAZBMAPKBNJOEWUZDIRZFQVZSHGOGSICUMOMEPWFSFRUJBRXGSWWWOXLAQVTROFSIITUTZUPSLZSGKKMZHORKIFDXJIYUDCBGVUFMDJWSIAVQAFWEGQZIWEZWCHLNZDWMGMEUOBGVCEJMWQAYCXQBMCDJPTJPRIRFVHZJOQMQEHXVCOKBVLPTWFSDSSIJYPVHMTILJHHPMVCNSWXGJKQQIKNWRHACMRDJLQDHEANXMOCMGFKBBBZHHMODFLBVLOQKMOMONFEZBYXGPBCVDPWYOARMURUYIQKQBDNRQQQYJKPXFFMHKWNBMCMZIEQSZUETTJEVVIRBGQLBDSEJDZNVHEDYBAGXMQWRTKSLGSXZVGPSLNWUKPOCDKCRXIGKHFZEXVMCKPQFMUJUGLSOBCMFBTRIJGMSFXETRFXVDGJMEXFCDXXHUYALHCRMQSSDIPHANZCYTFUUXTBVMBEHEOCEUIUOYYOGKIWKREWDOHCYTTJTMWEEIWERTLWZLUPSVPDWXAOBSLJYPFREDIGCYFNJZVWWTWWDVDQDIMWBTXPIDVNCYZAGDXICQNCAJTKCFPRZIQGQSRLCRSFMEXQQEINEWDZEWUVFFXVYLAEVYWCPULTBYPIYXTJCMVBPIZOKOEJOYZVXBPSLAUGTAQAOVWVUHKYTXGCERDTFAFGWRCKUJDNNKVJCZSOLMYMBCRXLLTNEAVDUJYEJGVNZETXIMQJHPAIFLUYQNNKBPSUJLFYBAYNFYJVOJFLQIEWPVCTQOUJOSLNKATBAHQOOEWKNNBRXYHEJCGXNDPFLEAVNMIMQFYYULDCUQGOFEHHRYALIMLWNNNYDBGCWYUDLOEASFIOHTBLJVOVVWOMQNPIJDGZHEBCRHBXVURXZYOPWSFCAQTYFKSLFKGLUZBBAUIAIDBIFYWVMVXMDQYITMGPAHVHKLRSWOZWKTFTLYOMEZMPAGCWOLMHNCIXXKPRHOZFAQCECJAQXPSPNHRMECRQZLDSGHBACCZAXAWGAXIAORRXVJKTBPXYUGWNFVSKHEHAWCOPQQCAWMRGBGTVRTZOXPPUPDKWEUFWKCJTHWEPADJPXOTTSGSFPDDXBKXYSRIHLCMPYEPJWZHZVAGHCAAOJPOOWZTHEZLCXRAYJICPJVWWTOZQZFWVPRDYYRXGAPOKZEIHCMMCTNFKLTGOPZRKKXZXAJGMBMCVLGWNMIOZBXPUZKDBWFYOPRYBSCQUWZPAWKLBUHTAIILJZCWGICEKNTJUQTIDTKCKKSRAUTMJGMKJCWIXKGTWOQVBHZPDZFPMSSRDZTYZDZNWGIPBTQUDMUYZMXYVLZTNGOCOTDARPWFIACRHJFQQCWICZHPCYXRSKXQRKVDXBGKRZLMGQVIYJIIFUGABSGMWWKLJHOXFHGJOABEXQFTOBAUXCGBFEPGDMLDJEWVNNIIUSGAYFFCSRRUVNYUHQVHJJPZFIXZCANEMYWHLIBAKOGIMHHXAWCFVJWTBSIUHHLLTXQVDSAZGGSIHWRFXGZUNIBCRVICJMFATFKBTTLOSICZYYJUQTHWQVLGLJNYYTOSMHPKOLJIGUTNECNQGIKGPMMRICUWOLIFFKUWSGUEJBBRCMJLSPFFAFITPUDCRTWQYDPMFZHVLRDPOOPXUWMHEXVFCNDLJPKWBUVXBKTISIWJOEKSVQSXFEDFCKFTXCBSVIFTXJRXUMZHFFHFFOTQCYAPBALEDSKPSHODJRRNMMNPGRAOSPKQBTCNICPSAPRDRXESONYXTEMWTTZSOCLIWNFSCUOIXQWZUTVHGQSLBNRCGUVGSZHKZHGMOZUKNSMFQSIDOOJGKAFSLYQAUOJHVGAHBHXLAAJBEENXUJNTBJGETPAEWGCKIXFFWPMUTXWLAFUVHSMAGXPDUDZJJOSMZOAVNYHQXGDHJJPDYZSPSFBBCRVWCMRIZNLDODWXHLRQJWNRKUPLBXPGYUENXCWBPYBVYELKROITPKWDDZQIYVVIZOCTLDZZZRDZTDVKYGWETSKJTOBGYMGHAVMDGEAJXNDSNQMBILEOWNIGDFNXZVKUSXJGYCCUFBFILDVMRUNIFKOBWXTNGYIZJPIXP

2010-03-14T07:17:06.972105-0700

10.0.0.50

10.0.3.115

ET SHELLCODE Rothenburg Shellcode

2010-03-14T07:17:10.327110-0700

10.0.0.50

10.0.3.115

ET SHELLCODE Rothenburg Shellcode

DNS 5836

Showing 1-20 of 5,836 items.

Timestamp

Src Ip

Dest Ip

Dns Type

Resource Record Name

Resource Record Type

Resource Data

2010-03-14T06:48:18.061877-0700

10.0.0.35

10.0.3.12

query

12.3.0.10.in-addr.arpa

PTR

(not set)

2010-03-14T06:48:18.061882-0700

10.0.0.35

10.0.3.12

query

12.3.0.10.in-addr.arpa

PTR

(not set)

2010-03-14T06:48:18.062013-0700

10.0.3.12

10.0.0.35

answer

12.3.0.10.in-addr.arpa

PTR

(not set)

2010-03-14T06:48:18.062017-0700

10.0.3.12

10.0.0.35

answer

12.3.0.10.in-addr.arpa

PTR

(not set)

2010-03-14T06:48:18.059879-0700

10.0.0.35

10.0.3.12

query

overkill.team3.ccdc

(not set)

2010-03-14T06:48:18.059884-0700

10.0.0.35

10.0.3.12

query

overkill.team3.ccdc

(not set)

2010-03-14T06:48:18.060022-0700

10.0.3.12

10.0.0.35

answer

overkill.team3.ccdc

(not set)

2010-03-14T06:48:18.060026-0700

10.0.3.12

10.0.0.35

answer

overkill.team3.ccdc

(not set)

2010-03-14T06:48:18.041515-0700

10.0.0.35

10.0.3.12

query

dragon.team3.ccdc

(not set)

2010-03-14T06:48:18.041522-0700

10.0.0.35

10.0.3.12

query

dragon.team3.ccdc

(not set)

2010-03-14T06:48:18.041751-0700

10.0.3.12

10.0.0.35

answer

dragon.team3.ccdc

(not set)

2010-03-14T06:48:18.041755-0700

10.0.3.12

10.0.0.35

answer

dragon.team3.ccdc

(not set)

2010-03-14T06:48:18.056538-0700

10.0.0.35

10.0.3.12

query

196.3.0.10.in-addr.arpa

PTR

(not set)

2010-03-14T06:48:18.056543-0700

10.0.0.35

10.0.3.12

query

196.3.0.10.in-addr.arpa

PTR

(not set)

2010-03-14T06:48:18.056675-0700

10.0.3.12

10.0.0.35

answer

196.3.0.10.in-addr.arpa

PTR

(not set)

2010-03-14T06:48:18.056679-0700

10.0.3.12

10.0.0.35

answer

196.3.0.10.in-addr.arpa

PTR

(not set)

2010-03-14T06:48:18.066868-0700

10.0.0.35

10.0.3.12

query

solar.team3.ccdc

(not set)

2010-03-14T06:48:18.066873-0700

10.0.0.35

10.0.3.12

query

solar.team3.ccdc

(not set)

2010-03-14T06:48:18.066997-0700

10.0.3.12

10.0.0.35

answer

solar.team3.ccdc

(not set)

2010-03-14T06:48:18.067000-0700

10.0.3.12

10.0.0.35

answer

solar.team3.ccdc

(not set)

TLS 1

Showing 1-1 of 1 item.

Timestamp

Source IP

Destination IP

TLS Version

Server Name Indication

2010-03-14T06:56:44.572578-0700

10.0.0.5

10.0.3.249

TLSv1

(not set)

TFTP 0

#	Timestamp	Src Ip	Dest Ip	Tftp Packet	Tftp File	Tftp Mode
No results found.

HTTP 839

Showing 1-20 of 839 items.

Timestamp

Source

Hostname

Port

Method

URL

Status

2010-03-14T06:48:21.142899-0700

10.0.0.35

10.0.3.115

GET

/20925123831201292582205252910375765389346271169538291436235820932701587991492943384689490272569904865951485460595663648002181194

200

2010-03-14T06:49:24.231958-0700

10.0.3.249

www.google.com

GET

/cse?cx=partner-pub-9300639326172081%3Aqi7dvj9mh31&ie=UTF-8&q=script+useradd+-p&sa=Search

200

2010-03-14T06:49:24.042279-0700

10.0.3.249

www.google.com

GET

/intl/en/images/logos/custom_search_logo_sm.gif

200

2010-03-14T06:49:24.259164-0700

10.0.3.249

www.google.com

GET

/images/poweredby_transparent/poweredby_FFFFFF.gif

200

2010-03-14T06:49:24.278079-0700

10.0.3.249

www.google.com

GET

/favicon.ico

200

2010-03-14T06:49:26.951114-0700

10.0.3.249

www.unix.com

GET

/clientscript/vbulletin_important.css?v=384

200

2010-03-14T06:49:27.156121-0700

10.0.3.249

ubuntu.unix.com

GET

/clientscript/sorttable.js

301

2010-03-14T06:49:27.268394-0700

10.0.3.249

ubuntu.unix.com

GET

/clientscript/vbulletin_md5.js?v=384

301

2010-03-14T06:49:27.342643-0700

10.0.3.249

ubuntu.unix.com

GET

/clientscript/vbulletin_ajax_threadrate.js?v=384

301

2010-03-14T06:49:27.479642-0700

10.0.3.249

www.unix.com

GET

/clientscript/vbulletin_menu.js?v=384

200

2010-03-14T06:49:26.624177-0700

10.0.3.249

yui.yahooapis.com

GET

/2.7.0/build/connection/connection-min.js?v=384

200

2010-03-14T06:49:26.624281-0700

10.0.3.249

yui.yahooapis.com

GET

/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js?v=384

200

2010-03-14T06:49:26.894199-0700

10.0.3.249

www.unix.com

GET

/unix-dummies-questions-answers/8674-useradd-script.html

200

2010-03-14T06:49:27.041331-0700

10.0.3.249

www.google.com

GET

/coop/cse/brand?form=cse-search-box&lang=en;hl=en

200

2010-03-14T06:49:27.498373-0700

10.0.3.249

www.unix.com

GET

/clientscript/vbulletin_post_loader.js?v=384

200

2010-03-14T06:49:26.984769-0700

10.0.3.249

pagead2.googlesyndication.com

GET

/pagead/show_ads.js

200

2010-03-14T06:49:27.163256-0700

10.0.3.249

ubuntu.unix.com

GET

/clientscript/vbulletin_global.js?v=384

301

2010-03-14T06:49:27.321240-0700

10.0.3.249

www.unix.com

GET

/clientscript/sorttable.js

200

2010-03-14T06:49:27.171823-0700

10.0.3.249

ubuntu.unix.com

GET

/clientscript/vbulletin_menu.js?v=384

301

2010-03-14T06:49:27.588412-0700

10.0.3.249

www.unix.com

GET

/clientscript/vbulletin_lightbox.js?v=384

200

SMB 0

#		Timestamp	Src Ip	Dest Ip	SMB Dialect	Command	Session	Tree
No results found.

SMTP 21

Showing 1-20 of 21 items.

Timestamp

Source

Destination

Email From

Email To

Subject

2010-03-14T06:48:22.128082-0700

10.0.0.35

10.0.3.249

(not set)

vmcguire <vmcguire@team3.ccdc>

(not set)

2010-03-14T06:54:48.817702-0700

10.0.0.161

10.0.3.249

(not set)

dclarke <dclarke@team3.ccdc>

(not set)

2010-03-14T06:56:24.673272-0700

10.0.0.197

10.0.3.249

(not set)

fcastaneda <fcastaneda@team3.ccdc>

(not set)

2010-03-14T06:50:08.713953-0700

10.0.0.62

10.0.3.249

(not set)

krowe <krowe@team3.ccdc>

(not set)

2010-03-14T06:51:39.353437-0700

10.0.0.206

10.0.3.249

(not set)

dhoover <dhoover@team3.ccdc>

(not set)

2010-03-14T06:53:16.379508-0700

10.0.0.242

10.0.3.249

(not set)

dmcgowan <dmcgowan@team3.ccdc>

(not set)

2010-03-14T07:03:37.148010-0700

10.0.0.53

10.0.3.249

(not set)

ngilliam <ngilliam@team3.ccdc>

(not set)

2010-03-14T06:59:54.534817-0700

10.0.0.170

10.0.3.249

(not set)

ncompton <ncompton@team3.ccdc>

(not set)

2010-03-14T07:01:51.322328-0700

10.0.0.71

10.0.3.249

(not set)

sfoley <sfoley@team3.ccdc>

(not set)

2010-03-14T07:05:21.925157-0700

10.0.0.98

10.0.3.249

(not set)

sfoster <sfoster@team3.ccdc>

(not set)

2010-03-14T06:58:21.668666-0700

10.0.0.188

10.0.3.249

(not set)

astark <astark@team3.ccdc>

(not set)

2010-03-14T07:06:50.371827-0700

10.0.0.53

10.0.3.249

(not set)

jfulton <jfulton@team3.ccdc>

(not set)

2010-03-14T07:12:00.112069-0700

10.0.0.35

10.0.3.249

(not set)

hworkman <hworkman@team3.ccdc>

(not set)

2010-03-14T07:13:43.722466-0700

10.0.0.71

10.0.3.249

(not set)

rslater <rslater@team3.ccdc>

(not set)

2010-03-14T07:08:17.835708-0700

10.0.0.26

10.0.3.249

(not set)

therring <therring@team3.ccdc>

(not set)

2010-03-14T07:15:14.416209-0700

10.0.0.71

10.0.3.249

(not set)

eestrada <eestrada@team3.ccdc>

(not set)

2010-03-14T07:17:01.234893-0700

10.0.0.170

10.0.3.249

(not set)

driggs <driggs@team3.ccdc>

(not set)

2010-03-14T07:18:52.071819-0700

10.0.0.152

10.0.3.249

(not set)

adillard <adillard@team3.ccdc>

(not set)

2010-03-14T07:21:58.441289-0700

10.0.0.80

10.0.3.249

(not set)

jdouglas <jdouglas@team3.ccdc>

(not set)

2010-03-14T07:17:47.376531-0700

10.0.0.50

10.0.3.249

(not set)

Flow 35588

Showing 1-20 of 35,588 items.

Timestamp

Flow Id

Event Type

Source

Source Port

Destination

Destination Port

Protocol

Host

2010-03-14T06:49:28.500179-0700

1131787923359028

flow

10.0.0.35

42686

10.0.3.12

UDP

pcapanalyzer

2010-03-14T06:49:28.500179-0700

992626684297640

flow

169.254.106.219

138

169.254.255.255

138

UDP

pcapanalyzer

2010-03-14T06:49:28.500179-0700

713290605064629

flow

10.0.0.35

59321

10.0.3.12

UDP

pcapanalyzer

2010-03-14T06:49:28.500179-0700

717448133080787

flow

10.0.3.249

41207

74.125.67.190

443

TCP

pcapanalyzer

2010-03-14T06:49:28.500179-0700

1019483118558426

flow

10.0.0.35

46685

10.0.3.12

UDP

pcapanalyzer

2010-03-14T06:49:28.500179-0700

181225761438410

flow

10.0.0.35

42618

10.0.3.12

UDP

pcapanalyzer

2010-03-14T06:49:28.500179-0700

1063270310091197

flow

10.0.0.35

54741

10.0.3.12

UDP

pcapanalyzer

2010-03-14T06:49:28.500179-0700

1213018639856530

flow

10.0.0.35

40921

10.0.3.12

UDP

pcapanalyzer

2010-03-14T06:49:28.500179-0700

1101559939346121

flow

169.254.196.80

137

169.254.255.255

137

UDP

pcapanalyzer

2010-03-14T06:49:28.500179-0700

1383412872495969

flow

0.0.0.0

255.255.255.255

UDP

pcapanalyzer

2010-03-14T06:49:28.500179-0700

1106932947657259

flow

10.0.0.35

54783

10.0.3.12

UDP

pcapanalyzer

2010-03-14T06:49:28.500179-0700

837269131028967

flow

10.0.0.35

37522

10.0.3.12

UDP

pcapanalyzer

2010-03-14T06:56:42.574240-0700

845506882982810

flow

10.0.3.249

40686

64.94.107.20

TCP

pcapanalyzer

2010-03-14T06:56:42.574326-0700

1271477444423719

flow

10.0.3.249

50926

174.143.150.86

TCP

pcapanalyzer

2010-03-14T06:56:42.574326-0700

1555675430360795

flow

10.0.3.249

38470

204.11.109.21

TCP

pcapanalyzer

2010-03-14T06:56:42.574326-0700

430247969869930

flow

10.0.3.249

47431

165.91.254.15

TCP

pcapanalyzer

2010-03-14T06:56:42.574326-0700

1134330549149462

flow

10.0.3.249

53254

207.211.21.246

TCP

pcapanalyzer

2010-03-14T06:56:42.574326-0700

1838481846967020

flow

10.0.3.249

46146

165.91.254.17

TCP

pcapanalyzer

2010-03-14T06:56:42.574326-0700

715489632889211

flow

10.0.3.249

40672

81.17.242.186

TCP

pcapanalyzer

2010-03-14T06:56:42.574326-0700

1561099973996207

flow

10.0.3.249

40673

81.17.242.186

TCP

pcapanalyzer

File 749

Showing 1-20 of 749 items.

Timestamp

Source

Destination

File Name

File Magic

File Size

2010-03-14T06:48:21.142899-0700

10.0.3.115

10.0.0.35

/20925123831201292582205252910375765389346271169538291436235820932701587991492943384689490272569904865951485460595663648002181194

data

136

2010-03-14T06:49:24.231958-0700

74.125.159.105

10.0.3.249

/cse

HTML document, ASCII text, with very long lines

25548

2010-03-14T06:49:24.042279-0700

74.125.159.105

10.0.3.249

/intl/en/images/logos/custom_search_logo_sm.gif

GIF image data, version 89a, 209 x 30

3174

2010-03-14T06:49:24.259164-0700

74.125.159.105

10.0.3.249

/images/poweredby_transparent/poweredby_FFFFFF.gif

GIF image data, version 89a, 56 x 20

1341

2010-03-14T06:49:24.278079-0700

74.125.159.105

10.0.3.249

/favicon.ico

MS Windows icon resource - 1 icon, 16x16

1150

2010-03-14T06:49:26.951114-0700

81.17.242.186

10.0.3.249

/clientscript/vbulletin_important.css

ISO-8859 text, with CRLF line terminators

1749

2010-03-14T06:49:27.156121-0700

81.17.242.186

10.0.3.249

/clientscript/sorttable.js

HTML document, ASCII text

253

2010-03-14T06:49:27.268394-0700

81.17.242.186

10.0.3.249

/clientscript/vbulletin_md5.js

HTML document, ASCII text

263

2010-03-14T06:49:27.342643-0700

81.17.242.186

10.0.3.249

/clientscript/vbulletin_ajax_threadrate.js

HTML document, ASCII text

275

2010-03-14T06:49:26.624177-0700

68.142.213.143

10.0.3.249

/2.7.0/build/connection/connection-min.js

ASCII text, with very long lines

11604

2010-03-14T06:49:26.624281-0700

68.142.213.143

10.0.3.249

/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js

ASCII text, with very long lines

36628

2010-03-14T06:49:26.894199-0700

81.17.242.186

10.0.3.249

/unix-dummies-questions-answers/8674-useradd-script.html

HTML document, ASCII text, with CRLF, LF line terminators

86007

2010-03-14T06:49:27.479642-0700

81.17.242.186

10.0.3.249

/clientscript/vbulletin_menu.js

ISO-8859 text, with very long lines

9440

2010-03-14T06:49:27.041331-0700

74.125.159.105

10.0.3.249

/coop/cse/brand

Emacs v18 byte-compiled Lisp data

1668

2010-03-14T06:49:26.984769-0700

74.125.157.164

10.0.3.249

/pagead/show_ads.js

ASCII text, with very long lines

33475

2010-03-14T06:49:27.321240-0700

81.17.242.186

10.0.3.249

/clientscript/sorttable.js

HTML document, ISO-8859 text

7005

2010-03-14T06:49:27.163256-0700

81.17.242.186

10.0.3.249

/clientscript/vbulletin_global.js

HTML document, ASCII text

266

2010-03-14T06:49:27.498373-0700

81.17.242.186

10.0.3.249

/clientscript/vbulletin_post_loader.js

ISO-8859 text, with very long lines

2037

2010-03-14T06:49:27.171823-0700

81.17.242.186

10.0.3.249

/clientscript/vbulletin_menu.js

HTML document, ASCII text

264

2010-03-14T06:49:27.588412-0700

81.17.242.186

10.0.3.249

/clientscript/vbulletin_lightbox.js

ISO-8859 text, with very long lines

13002

Comments

Update Download PCAP Delete