Reto 5 - webDMZ-0c1ca642a1978d19e52885dc243f219c(1).pcap

MD5: 0c1ca642a1978d19e52885dc243f219c
Submission Date: 2018-11-11 02:56:17
Tags: (not set)
Alert 13
Showing 1-13 of 13 items.
| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|---|---|---|---|---|
| 1 | 2017-11-08T05:44:59.847141-0800 | 192.168.1.135 | 255.255.255.255 | ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DHCP ACK | * |
| 2 | 2017-11-08T05:45:00.348982-0800 | 192.168.1.135 | 255.255.255.255 | ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DHCP ACK | * |
| 3 | 2017-11-08T05:45:01.441292-0800 | 192.168.1.135 | 255.255.255.255 | ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DHCP ACK | * |
| 4 | 2017-11-08T05:45:01.511299-0800 | 192.168.1.135 | 255.255.255.255 | ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DHCP ACK | * |
| 5 | 2017-11-08T05:45:01.942623-0800 | 192.168.1.135 | 255.255.255.255 | ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DHCP ACK | * |
| 6 | 2017-11-08T05:45:02.013506-0800 | 192.168.1.135 | 255.255.255.255 | ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DHCP ACK | * |
| 7 | 2017-11-08T05:45:22.326250-0800 | 192.168.1.138 | 192.168.1.104 | ET SCAN Possible Nmap User-Agent Observed | * |
| 8 | 2017-11-08T05:45:55.284126-0800 | 192.168.1.138 | 192.168.1.104 | ET SCAN Possible Nmap User-Agent Observed | * |
| 9 | 2017-11-08T05:46:30.260867-0800 | 192.168.1.138 | 192.168.1.104 | ET SCAN Possible Nmap User-Agent Observed | * |
| 10 | 2017-11-08T05:46:45.339853-0800 | 192.168.1.138 | 192.168.1.104 | ET SCAN Possible Nmap User-Agent Observed | * |
| 11 | 2017-11-08T05:47:10.472496-0800 | 192.168.1.138 | 192.168.1.104 | ET SCAN Possible Nmap User-Agent Observed | * |
| 12 | 2017-11-08T05:48:03.940935-0800 | 192.168.1.138 | 192.168.1.104 | ET SCAN Possible Nmap User-Agent Observed | |
| 13 | 2017-11-08T05:48:03.940935-0800 | 192.168.1.138 | 192.168.1.104 | ET SCAN Possible Nmap User-Agent Observed | |
DNS 15
Showing 1-15 of 15 items.
| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2017-11-08T05:43:01.736821-0800 | 192.168.1.135 | 212.231.6.7 | query | app.adjust.com | AAAA | (not set) |
| 2 | 2017-11-08T05:43:01.758400-0800 | 212.231.6.7 | 192.168.1.135 | answer | app.adjust.com | AAAA | (not set) |
| 3 | 2017-11-08T05:43:01.759143-0800 | 192.168.1.135 | 212.231.6.7 | query | app.adjust.com.Home | AAAA | (not set) |
| 4 | 2017-11-08T05:43:01.778742-0800 | 212.231.6.7 | 192.168.1.135 | answer | app.adjust.com.Home | AAAA | (not set) |
| 5 | 2017-11-08T05:43:10.310186-0800 | 192.168.1.135 | 212.231.6.7 | query | tiles-cloudfront.cdn.mozilla.net | A | (not set) |
| 6 | 2017-11-08T05:43:10.336834-0800 | 192.168.1.135 | 212.231.6.7 | query | dcky6u1m8u6el.cloudfront.net | A | (not set) |
| 7 | 2017-11-08T05:43:10.370342-0800 | 212.231.6.7 | 192.168.1.135 | answer | dcky6u1m8u6el.cloudfront.net | A | (not set) |
| 8 | 2017-11-08T05:44:10.726698-0800 | 192.168.1.135 | 212.231.6.7 | query | dcky6u1m8u6el.cloudfront.net | A | (not set) |
| 9 | 2017-11-08T05:44:10.753420-0800 | 212.231.6.7 | 192.168.1.135 | answer | dcky6u1m8u6el.cloudfront.net | A | (not set) |
| 10 | 2017-11-08T05:44:10.699862-0800 | 192.168.1.135 | 212.231.6.7 | query | tiles-cloudfront.cdn.mozilla.net | A | (not set) |
| 11 | 2017-11-08T05:44:10.725244-0800 | 212.231.6.7 | 192.168.1.135 | answer | tiles-cloudfront.cdn.mozilla.net | A | (not set) |
| 12 | 2017-11-08T05:48:08.572437-0800 | 192.168.1.135 | 212.231.6.7 | query | www.mozilla.org.cdn.cloudflare.net | A | (not set) |
| 13 | 2017-11-08T05:48:08.592808-0800 | 212.231.6.7 | 192.168.1.135 | answer | www.mozilla.org.cdn.cloudflare.net | A | (not set) |
| 14 | 2017-11-08T05:48:08.546144-0800 | 192.168.1.135 | 212.231.6.7 | query | www.mozilla.org | A | (not set) |
| 15 | 2017-11-08T05:48:08.571608-0800 | 212.231.6.7 | 192.168.1.135 | answer | www.mozilla.org | A | (not set) |
TLS 13
Showing 1-13 of 13 items.
| # | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication |
|---|---|---|---|---|---|
| 1 | 2017-11-08T05:43:01.847461-0800 | 192.168.1.135 | 178.162.216.179 | TLS 1.2 | app.adjust.com |
| 2 | 2017-11-08T05:43:09.692840-0800 | 192.168.1.129 | 192.168.1.104 | UNDETERMINED | 192.168.1.104 |
| 3 | 2017-11-08T05:43:47.844181-0800 | 192.168.1.129 | 192.168.1.104 | UNDETERMINED | 192.168.1.104 |
| 4 | 2017-11-08T05:44:23.033392-0800 | 192.168.1.129 | 192.168.1.104 | UNDETERMINED | 192.168.1.104 |
| 5 | 2017-11-08T05:44:53.198581-0800 | 192.168.1.129 | 192.168.1.104 | UNDETERMINED | 192.168.1.104 |
| 6 | 2017-11-08T05:46:38.905492-0800 | 192.168.1.135 | 178.162.219.152 | TLS 1.2 | app.adjust.com |
| 7 | 2017-11-08T05:48:08.648504-0800 | 192.168.1.135 | 104.16.40.2 | TLS 1.2 | www.mozilla.org |
| 8 | 2017-11-08T05:48:03.940935-0800 | 192.168.1.138 | 192.168.1.104 | UNDETERMINED | (not set) |
| 9 | 2017-11-08T05:48:03.940935-0800 | 192.168.1.138 | 192.168.1.104 | UNDETERMINED | (not set) |
| 10 | 2017-11-08T05:48:03.940935-0800 | 192.168.1.138 | 192.168.1.104 | UNDETERMINED | (not set) |
| 11 | 2017-11-08T05:48:03.940935-0800 | 192.168.1.138 | 192.168.1.104 | UNDETERMINED | (not set) |
| 12 | 2017-11-08T05:48:03.940935-0800 | 192.168.1.138 | 192.168.1.104 | UNDETERMINED | (not set) |
| 13 | 2017-11-08T05:48:03.940935-0800 | 192.168.1.138 | 192.168.1.104 | UNDETERMINED | (not set) |
TFTP 0
| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
No results found.
HTTP 33
Showing 1-20 of 33 items.
| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 1 | 2017-11-08T05:43:09.260967-0800 | 192.168.1.135 | 192.168.1.104 | 8000 | GET | / | 200 |
| 2 | 2017-11-08T05:43:09.692840-0800 | 192.168.1.135 | 192.168.1.104 | 8000 | GET | /js/index.js | (not set) |
| 3 | 2017-11-08T05:43:09.692840-0800 | 192.168.1.135 | 192.168.1.104 | 8000 | GET | /css/style.css | (not set) |
| 4 | 2017-11-08T05:43:14.329160-0800 | 192.168.1.135 | (not set) | 8000 | (not set) | /libhtp::request_uri_not_seen | (not set) |
| 5 | 2017-11-08T05:45:44.381611-0800 | 192.168.1.138 | 192.168.1.104 | 8000 | POST | /continuum/saveInstallation.action | (not set) |
| 6 | 2017-11-08T05:46:35.355986-0800 | 192.168.1.135 | 192.168.1.104 | 8000 | GET | /passwd | 200 |
| 7 | 2017-11-08T05:45:58.501451-0800 | 192.168.1.129 | 192.168.1.104 | 8000 | HEAD | / | (not set) |
| 8 | 2017-11-08T05:45:58.501451-0800 | 192.168.1.129 | 192.168.1.104 | 8000 | HEAD | / | (not set) |
| 9 | 2017-11-08T05:46:21.787526-0800 | 192.168.1.135 | 192.168.1.104 | 8000 | GET | /etc/passwd | 404 |
| 10 | 2017-11-08T05:46:21.787526-0800 | 192.168.1.138 | (not set) | 8000 | GET | / | (not set) |
| 11 | 2017-11-08T05:47:19.209394-0800 | 192.168.1.129 | 192.168.1.104 | 8000 | GET | / | (not set) |
| 12 | 2017-11-08T05:47:19.209394-0800 | 192.168.1.138 | 192.168.1.104 | 8000 | POST | /continuum/saveInstallation.action | (not set) |
| 13 | 2017-11-08T05:47:19.209394-0800 | 192.168.1.138 | (not set) | 8000 | GET | /nice%20ports%2C/Tri%6Eity.txt%2ebak | (not set) |
| 14 | 2017-11-08T05:47:39.151845-0800 | 192.168.1.138 | (not set) | 8000 | OPTIONS | / | (not set) |
| 15 | 2017-11-08T05:48:03.940935-0800 | 192.168.1.138 | (not set) | 8000 | OPTIONS | / | (not set) |
| 16 | 2017-11-08T05:48:03.940935-0800 | 192.168.1.129 | 192.168.1.104 | 8000 | GET | /misc/drupal.js | (not set) |
| 17 | 2017-11-08T05:48:03.940935-0800 | 192.168.1.129 | 192.168.1.104 | 8000 | GET | /CHANGELOG.txt | (not set) |
| 18 | 2017-11-08T05:48:03.940935-0800 | 192.168.1.138 | 192.168.1.104 | 8000 | GET | / | (not set) |
| 19 | 2017-11-08T05:48:03.940935-0800 | 192.168.1.138 | 192.168.1.104 | 8000 | GET | / | (not set) |
| 20 | 2017-11-08T05:48:03.940935-0800 | 192.168.1.138 | 192.168.1.104 | 8000 | OPTIONS | / | (not set) |
SMB 1
Showing 1-1 of 1 item.
| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
|---|---|---|---|---|---|---|---|
| 1 | 2017-11-08T05:46:05.077324-0800 | 192.168.1.138 | 192.168.1.104 | unknown | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0 |
SMTP 0
| # | Timestamp | Source | Destination | Email From | Email To | Subject |
No results found.
Flow 1206
Showing 161-180 of 1,206 items.
| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|---|---|---|---|---|---|---|---|---|
| 161 | 2017-11-08T05:48:03.940935-0800 | 1850529777349776 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 1213 | TCP | pcapanalyzer |
| 162 | 2017-11-08T05:48:03.940935-0800 | 865573517299147 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 1972 | TCP | pcapanalyzer |
| 163 | 2017-11-08T05:48:03.940935-0800 | 584137195266463 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 10629 | TCP | pcapanalyzer |
| 164 | 2017-11-08T05:48:03.940935-0800 | 161937615146817 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 9080 | TCP | pcapanalyzer |
| 165 | 2017-11-08T05:48:03.940935-0800 | 1991542143541652 | flow | 192.168.1.138 | 38462 | 192.168.1.104 | 1521 | TCP | pcapanalyzer |
| 166 | 2017-11-08T05:48:03.940935-0800 | 1991580798320677 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 3889 | TCP | pcapanalyzer |
| 167 | 2017-11-08T05:48:03.940935-0800 | 1851053763336418 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 2725 | TCP | pcapanalyzer |
| 168 | 2017-11-08T05:48:03.940935-0800 | 443702502128705 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 1761 | TCP | pcapanalyzer |
| 169 | 2017-11-08T05:48:03.940935-0800 | 866063143599866 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 2007 | TCP | pcapanalyzer |
| 170 | 2017-11-08T05:48:03.940935-0800 | 1851302871433995 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 5859 | TCP | pcapanalyzer |
| 171 | 2017-11-08T05:48:03.940935-0800 | 866224204837563 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 5901 | TCP | pcapanalyzer |
| 172 | 2017-11-08T05:48:03.940935-0800 | 444054689416000 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 52848 | TCP | pcapanalyzer |
| 173 | 2017-11-08T05:48:03.940935-0800 | 1992405432056778 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 5033 | TCP | pcapanalyzer |
| 174 | 2017-11-08T05:48:03.940935-0800 | 444540020719832 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 6100 | TCP | pcapanalyzer |
| 175 | 2017-11-08T05:48:03.940935-0800 | 726019292345237 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 995 | TCP | pcapanalyzer |
| 176 | 2017-11-08T05:48:03.940935-0800 | 1289407332547734 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 2383 | TCP | pcapanalyzer |
| 177 | 2017-11-08T05:48:03.940935-0800 | 304259946400445 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 25734 | TCP | pcapanalyzer |
| 178 | 2017-11-08T05:48:03.940935-0800 | 726526098596548 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 2002 | TCP | pcapanalyzer |
| 179 | 2017-11-08T05:48:03.940935-0800 | 867540612304255 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 5825 | TCP | pcapanalyzer |
| 180 | 2017-11-08T05:48:03.940935-0800 | 1571262413835433 | flow | 192.168.1.138 | 38461 | 192.168.1.104 | 7911 | TCP | pcapanalyzer |
File 7
Showing 1-7 of 7 items.
| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2017-11-08T05:43:09.260967-0800 | 192.168.1.104 | 192.168.1.135 | / | HTML document, ASCII text | 1075 |
| 2 | 2017-11-08T05:43:13.239896-0800 | 192.168.1.138 | 192.168.1.104 | /continuum/saveInstallation.action | ASCII text, with very long lines, with no line terminators | 1013 |
| 3 | 2017-11-08T05:43:14.329054-0800 | 192.168.1.104 | 192.168.1.135 | /css/style.css | ASCII text | 1252 |
| 4 | 2017-11-08T05:43:19.351449-0800 | 192.168.1.104 | 192.168.1.135 | /js/index.js | ASCII text | 294 |
| 5 | 2017-11-08T05:44:12.606451-0800 | 192.168.1.138 | 192.168.1.104 | /continuum/saveInstallation.action | ASCII text, with very long lines, with no line terminators | 1013 |
| 6 | 2017-11-08T05:46:35.355986-0800 | 192.168.1.104 | 192.168.1.135 | /passwd | ASCII text | 1684 |
| 7 | 2017-11-08T05:46:21.787526-0800 | 192.168.1.104 | 192.168.1.135 | /etc/passwd | HTML document, ASCII text | 195 |

Comments: (not set)
