test.pcap

MD5	20e4892aa11e2fe8dd43a217d57132a7
Submission Date	2018-11-12 23:49:25
Tags	(not set)

Alert 26

Showing 1-20 of 26 items.

#

Timestamp

Src Ip

Dest Ip

Alert Signature

P

1

2018-11-05T03:59:21.313242-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

2

2018-11-05T03:59:21.313865-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

3

2018-11-05T03:59:21.317220-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

4

2018-11-05T03:59:21.319380-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

5

2018-11-05T03:59:21.366479-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

6

2018-11-05T03:59:21.318898-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

7

2018-11-05T03:59:21.370849-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

8

2018-11-05T03:59:21.374874-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

9

2018-11-05T03:59:21.319989-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

10

2018-11-05T03:59:21.364060-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

11

2018-11-05T03:59:21.369776-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

12

2018-11-05T03:59:21.382329-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

13

2018-11-05T03:59:21.371212-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

14

2018-11-05T03:59:21.386933-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

15

2018-11-05T03:59:21.381649-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

16

2018-11-05T03:59:21.383915-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

17

2018-11-05T03:59:21.317746-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

18

2018-11-05T03:59:21.384994-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

19

2018-11-05T03:59:21.318312-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

20

2018-11-05T03:59:21.323314-0800

192.168.156.100

192.168.156.128

ET SCAN Possible Nmap User-Agent Observed

*

«
1
2
»

DNS 0

#		Timestamp	Src Ip	Dest Ip	Dns Type	Resource Record Name	Resource Record Type	Resource Data
No results found.

TLS 0

#		Timestamp	Source IP	Destination IP	TLS Version	Server Name Indication
No results found.

TFTP 0

#	Timestamp	Src Ip	Dest Ip	Tftp Packet	Tftp File	Tftp Mode
No results found.

HTTP 167

Showing 1-20 of 167 items.

#

Timestamp

Source

Hostname

Port

Method

URL

Status

1

2018-11-05T03:59:21.313242-0800

192.168.156.100

192.168.156.128

80

GET

/nmaplowercheck1541419161

404

2

2018-11-05T03:59:21.317220-0800

192.168.156.100

192.168.156.128

80

PROPFIND

/

405

3

2018-11-05T03:59:21.319380-0800

192.168.156.100

192.168.156.128

80

OPTIONS

/

200

4

2018-11-05T03:59:21.316596-0800

192.168.156.100

192.168.156.128

80

GET

/

200

5

2018-11-05T03:59:21.366479-0800

192.168.156.100

192.168.156.128

80

GET

/robots.txt

404

6

2018-11-05T03:59:19.958941-0800

192.168.156.100

(not set)

80

GET

/

200

7

2018-11-05T03:59:21.370849-0800

192.168.156.100

192.168.156.128

80

OPTIONS

/

200

8

2018-11-05T03:59:21.318898-0800

192.168.156.100

192.168.156.128

80

GET

/.git/HEAD

404

9

2018-11-05T03:59:21.319989-0800

192.168.156.100

192.168.156.128

80

OPTIONS

/

200

10

2018-11-05T03:59:21.364060-0800

192.168.156.100

192.168.156.128

80

PROPFIND

/

405

11

2018-11-05T03:59:21.376915-0800

192.168.156.100

192.168.156.128

80

GET

/

200

12

2018-11-05T03:59:21.369776-0800

192.168.156.100

192.168.156.128

80

GET

/evox/about

404

13

2018-11-05T03:59:21.371212-0800

192.168.156.100

192.168.156.128

80

PROPFIND

/

405

14

2018-11-05T03:59:21.382329-0800

192.168.156.100

192.168.156.128

80

OPTIONS

/

200

15

2018-11-05T03:59:21.386933-0800

192.168.156.100

192.168.156.128

80

OPTIONS

/

200

16

2018-11-05T04:00:36.100461-0800

192.168.156.100

192.168.156.128

80

GET

/

200

17

2018-11-05T03:59:21.381933-0800

192.168.156.100

192.168.156.128

80

GET

/favicon.ico

200

18

2018-11-05T04:00:36.240814-0800

192.168.156.100

192.168.156.128

80

GET

/animatedcollapse.js

200

19

2018-11-05T03:59:21.383915-0800

192.168.156.100

192.168.156.128

80

OPTIONS

/

200

20

2018-11-05T03:59:21.384994-0800

192.168.156.100

192.168.156.128

80

OPTIONS

/

200

«
1
2
3
4
5
6
7
8
9
»

SMB 0

#		Timestamp	Src Ip	Dest Ip	SMB Dialect	Command	Session	Tree
No results found.

SMTP 0

#		Timestamp	Source	Destination	Email From	Email To	Subject
No results found.

Flow 146

Showing 1-20 of 146 items.

#

Timestamp

Flow Id

Event Type

Source

Source Port

Destination

Destination Port

Protocol

Host

1

2018-11-05T03:59:13.849769-0800

136681702381127

flow

192.168.156.100

49744

192.168.156.128

3389

TCP

pcapanalyzer

2

2018-11-05T03:59:13.849769-0800

2107401676346913

flow

192.168.156.100

49744

192.168.156.128

22

TCP

pcapanalyzer

3

2018-11-05T03:59:13.849769-0800

2248216474113439

flow

192.168.156.100

49744

192.168.156.128

21

TCP

pcapanalyzer

4

2018-11-05T04:12:43.245678-0800

1642082774010162

flow

192.168.156.1

37961

239.255.255.250

1900

UDP

pcapanalyzer

5

2018-11-05T04:12:43.245678-0800

253519841144984

flow

192.168.156.100

33902

54.246.133.196

443

TCP

pcapanalyzer

6

2018-11-05T04:12:43.245678-0800

1980777453126076

flow

192.168.156.128

138

192.168.156.255

138

UDP

pcapanalyzer

7

2018-11-05T04:12:43.245678-0800

1701933145968839

flow

192.168.156.100

39564

192.168.156.128

37351

UDP

pcapanalyzer

8

2018-11-05T04:12:43.245678-0800

2011795704337856

flow

192.168.156.100

49744

192.168.156.128

80

TCP

pcapanalyzer

9

2018-11-05T04:12:43.245678-0800

324809864534589

flow

192.168.156.100

39612

192.168.156.128

80

TCP

pcapanalyzer

10

2018-11-05T04:12:43.245678-0800

327938748224889

flow

192.168.156.100

39610

192.168.156.128

80

TCP

pcapanalyzer

11

2018-11-05T04:12:43.245678-0800

926691544356361

flow

192.168.156.100

49744

192.168.156.128

53

TCP

pcapanalyzer

12

2018-11-05T04:12:43.245678-0800

232556114540531

flow

192.168.156.100

39611

192.168.156.128

80

TCP

pcapanalyzer

13

2018-11-05T04:12:43.245678-0800

1930674514198862

flow

192.168.156.100

39615

192.168.156.128

443

TCP

pcapanalyzer

14

2018-11-05T04:12:43.245678-0800

951756973495621

flow

192.168.156.100

49744

192.168.156.128

443

TCP

pcapanalyzer

15

2018-11-05T04:12:43.245678-0800

1687018871987972

flow

192.168.156.100

39614

192.168.156.128

443

TCP

pcapanalyzer

16

2018-11-05T04:12:43.245678-0800

1830504802002

flow

192.168.156.254

(not set)

192.168.156.128

(not set)

ICMP

pcapanalyzer

17

2018-11-05T04:12:43.245678-0800

146835038534407

flow

192.168.156.1

40609

239.255.255.250

1900

UDP

pcapanalyzer

18

2018-11-05T04:12:43.245678-0800

1836668422473050

flow

192.168.156.100

43140

192.168.156.128

80

TCP

pcapanalyzer

19

2018-11-05T04:12:43.245678-0800

1980777480727697

flow

192.168.156.128

138

192.168.156.255

138

UDP

pcapanalyzer

20

2018-11-05T04:12:43.245678-0800

1982304316134027

flow

192.168.156.100

43078

192.168.156.128

80

TCP

pcapanalyzer

«
1
2
3
4
5
6
7
8
»

File 156

Showing 1-20 of 156 items.

#

Timestamp

Source

Destination

File Name

File Magic

File Size

1

2018-11-05T03:59:21.313242-0800

192.168.156.128

192.168.156.100

/nmaplowercheck1541419161

HTML document, ASCII text

222

2

2018-11-05T03:59:21.317220-0800

192.168.156.128

192.168.156.100

/

HTML document, ASCII text

236

3

2018-11-05T03:59:21.316596-0800

192.168.156.128

192.168.156.100

/

HTML document, ASCII text

23832

4

2018-11-05T03:59:19.958941-0800

192.168.156.128

192.168.156.100

/

HTML document, ASCII text

23832

5

2018-11-05T03:59:21.366479-0800

192.168.156.128

192.168.156.100

/robots.txt

HTML document, ASCII text

208

6

2018-11-05T03:59:21.312139-0800

192.168.156.100

192.168.156.128

/sdk

ASCII text, with very long lines, with no line terminators

441

7

2018-11-05T03:59:21.318898-0800

192.168.156.128

192.168.156.100

/.git/HEAD

HTML document, ASCII text

207

8

2018-11-05T03:59:21.364060-0800

192.168.156.128

192.168.156.100

/

HTML document, ASCII text

236

9

2018-11-05T03:59:21.376915-0800

192.168.156.128

192.168.156.100

/

HTML document, ASCII text

23832

10

2018-11-05T03:59:21.369776-0800

192.168.156.128

192.168.156.100

/evox/about

HTML document, ASCII text

208

11

2018-11-05T03:59:21.371212-0800

192.168.156.128

192.168.156.100

/

HTML document, ASCII text

236

12

2018-11-05T04:00:36.100461-0800

192.168.156.128

192.168.156.100

/

HTML document, ASCII text, with very long lines

23832

13

2018-11-05T03:59:21.381933-0800

192.168.156.128

192.168.156.100

/favicon.ico

MS Windows icon resource - 2 icons, 16x16

3638

14

2018-11-05T03:59:21.312404-0800

192.168.156.100

192.168.156.128

/

ASCII text, with no line terminators

88

15

2018-11-05T04:00:36.240814-0800

192.168.156.128

192.168.156.100

/animatedcollapse.js

ASCII text, with CRLF line terminators

11822

16

2018-11-05T03:59:21.318312-0800

192.168.156.128

192.168.156.100

/sdk

HTML document, ASCII text

201

17

2018-11-05T04:00:36.244483-0800

192.168.156.128

192.168.156.100

/jquery.min.js

ASCII text, with very long lines

57254

18

2018-11-05T04:00:36.241527-0800

192.168.156.128

192.168.156.100

/index.css

ASCII text

1227

19

2018-11-05T03:59:21.322827-0800

192.168.156.128

192.168.156.100

/

HTML document, ASCII text

23832

20

2018-11-05T04:00:36.282724-0800

192.168.156.128

192.168.156.100

/images/Knob_Add.png

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

4321

«
1
2
3
4
5
6
7
8
»

Comments	(not set)

Update Download PCAP Delete