0b0e4eab-aece-4353-aba0-730b9fcb3a0e.pcap

MD5	bdeafd6f458ee1fa380fc3b50ab82d46
Submission Date	2019-10-09 16:11:46
Tags	(not set)

Alert 4

Showing 1-4 of 4 items.

Timestamp

Src Ip

Dest Ip

Alert Signature

2019-10-08T10:54:03.816965-0700

192.168.100.65

192.168.100.2

ET POLICY DNS Query to DynDNS Domain *.hopto .org

2019-10-08T10:54:35.231346-0700

192.168.100.65

192.168.100.2

ET POLICY DNS Query to DynDNS Domain *.ddns .net

2019-10-08T10:54:35.231346-0700

192.168.100.65

192.168.100.2

ET POLICY DNS Query to DynDNS Domain *.ddns .net

2019-10-08T10:54:03.816965-0700

192.168.100.65

192.168.100.2

ET POLICY DNS Query to DynDNS Domain *.hopto .org

DNS 26

Showing 1-20 of 26 items.

Timestamp

Src Ip

Dest Ip

Dns Type

Resource Record Name

Resource Record Type

Resource Data

2019-10-08T10:54:03.795311-0700

192.168.100.65

192.168.100.2

query

go.microsoft.com

(not set)

2019-10-08T10:54:03.816965-0700

192.168.100.65

192.168.100.2

query

robertmoore.hopto.org

(not set)

2019-10-08T10:54:03.830725-0700

192.168.100.65

192.168.100.2

query

ramseycynthia.gleeze.com

(not set)

2019-10-08T10:54:03.977752-0700

192.168.100.2

192.168.100.65

answer

ramseycynthia.gleeze.com

(not set)

2019-10-08T10:54:03.756832-0700

192.168.100.65

192.168.100.2

query

www.bing.com

(not set)

2019-10-08T10:54:03.757034-0700

192.168.100.2

192.168.100.65

answer

www.bing.com

(not set)

2019-10-08T10:54:03.824676-0700

192.168.100.2

192.168.100.65

answer

robertmoore.hopto.org

(not set)

2019-10-08T10:54:04.793134-0700

192.168.100.65

192.168.100.2

query

go.microsoft.com

(not set)

2019-10-08T10:54:04.793230-0700

192.168.100.2

192.168.100.65

answer

go.microsoft.com

(not set)

2019-10-08T10:54:24.996524-0700

192.168.100.65

192.168.100.2

query

vikkibret.mywire.org

(not set)

2019-10-08T10:54:25.104364-0700

192.168.100.2

192.168.100.65

answer

vikkibret.mywire.org

(not set)

2019-10-08T10:54:35.231346-0700

192.168.100.65

192.168.100.2

query

snick4059.ddns.net

(not set)

2019-10-08T10:54:35.238968-0700

192.168.100.2

192.168.100.65

answer

snick4059.ddns.net

(not set)

2019-10-08T10:54:03.795311-0700

192.168.100.65

192.168.100.2

query

go.microsoft.com

(not set)

2019-10-08T10:54:03.830725-0700

192.168.100.65

192.168.100.2

query

ramseycynthia.gleeze.com

(not set)

2019-10-08T10:54:03.977752-0700

192.168.100.2

192.168.100.65

answer

ramseycynthia.gleeze.com

(not set)

2019-10-08T10:54:04.793134-0700

192.168.100.65

192.168.100.2

query

go.microsoft.com

(not set)

2019-10-08T10:54:04.793230-0700

192.168.100.2

192.168.100.65

answer

go.microsoft.com

(not set)

2019-10-08T10:54:35.231346-0700

192.168.100.65

192.168.100.2

query

snick4059.ddns.net

(not set)

2019-10-08T10:54:35.238968-0700

192.168.100.2

192.168.100.65

answer

snick4059.ddns.net

(not set)

TLS 0

#		Timestamp	Source IP	Destination IP	TLS Version	Server Name Indication
No results found.

TFTP 0

#	Timestamp	Src Ip	Dest Ip	Tftp Packet	Tftp File	Tftp Mode
No results found.

HTTP 4

Showing 1-4 of 4 items.

Timestamp

Source

Hostname

Port

Method

URL

Status

2019-10-08T10:54:04.230582-0700

192.168.100.65

www.bing.com

GET

/favicon.ico

200

2019-10-08T10:54:42.169085-0700

192.168.100.65

go.microsoft.com

GET

/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=iexplore.exe&platform=0000&osver=5&isServer=0&shimver=4.0.30319.0

(not set)

2019-10-08T10:54:04.230582-0700

192.168.100.65

www.bing.com

GET

/favicon.ico

200

2019-10-08T10:54:42.169085-0700

192.168.100.65

go.microsoft.com

GET

/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=iexplore.exe&platform=0000&osver=5&isServer=0&shimver=4.0.30319.0

(not set)

SMB 0

#		Timestamp	Src Ip	Dest Ip	SMB Dialect	Command	Session	Tree
No results found.

SMTP 0

#		Timestamp	Source	Destination	Email From	Email To	Subject
No results found.

Flow 40

Showing 1-20 of 40 items.

Timestamp

Flow Id

Event Type

Source

Source Port

Destination

Destination Port

Protocol

Host

2019-10-08T10:54:42.169085-0700

998901165850414

flow

fe80:0000:0000:0000:a179:b3ff:0199:2314

62104

ff02:0000:0000:0000:0000:0000:0001:0003

5355

UDP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

1986009204891271

flow

fe80:0000:0000:0000:a179:b3ff:0199:2314

61594

ff02:0000:0000:0000:0000:0000:0001:0003

5355

UDP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

1717273100962938

flow

192.168.100.65

64082

224.0.0.252

5355

UDP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

2182104526292950

flow

192.168.100.65

53802

224.0.0.252

5355

UDP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

1901703291838217

flow

192.168.100.65

50314

224.0.0.252

5355

UDP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

1341592311581604

flow

fe80:0000:0000:0000:a179:b3ff:0199:2314

61896

ff02:0000:0000:0000:0000:0000:0001:0003

5355

UDP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

418724098573518

flow

192.168.100.65

137

192.168.100.255

137

UDP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

602243756682087

flow

fe80:0000:0000:0000:a179:b3ff:0199:2314

546

ff02:0000:0000:0000:0000:0000:0001:0002

547

UDP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

2173308436060929

flow

192.168.100.65

49779

65.52.38.142

2404

TCP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

1189657845970092

flow

192.168.100.65

62685

192.168.100.2

UDP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

770563525813137

flow

192.168.100.65

49451

13.107.21.200

TCP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

1757650089667862

flow

192.168.100.65

49457

65.52.38.142

2404

TCP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

221795554405637

flow

192.168.100.65

59337

192.168.100.2

UDP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

2198678806405807

flow

192.168.100.65

55625

192.168.100.2

UDP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

242797946570674

flow

192.168.100.65

57863

192.168.100.2

UDP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

666784231033952

flow

192.168.100.65

61207

192.168.100.2

UDP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

1522062543562753

flow

192.168.100.65

49471

2.19.38.59

TCP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

123646961743685

flow

192.168.100.65

53392

192.168.100.2

UDP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

1539586008825997

flow

192.168.100.65

138

192.168.100.255

138

UDP

pcapanalyzer

2019-10-08T10:54:42.169085-0700

275323733911459

flow

192.168.100.65

49937

65.52.38.142

2404

TCP

pcapanalyzer

File 2

Showing 1-2 of 2 items.

Timestamp

Source

Destination

File Name

File Magic

File Size

2019-10-08T10:54:04.230582-0700

13.107.21.200

192.168.100.65

/favicon.ico

PNG image data, 16 x 16, 4-bit colormap, non-interlaced

237

2019-10-08T10:54:04.230582-0700

13.107.21.200

192.168.100.65

/favicon.ico

PNG image data, 16 x 16, 4-bit colormap, non-interlaced

237

Comments	(not set)

Update Download PCAP Delete