00.pcap

MD5: c3866f619e9dd74add82dce9b6c9481e
Submission Date: 2019-01-28 03:06:01
Tags: (not set)
Alert 39
Showing 1-20 of 39 items.
# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
1 | 2006-10-04T18:25:16.143321-0700 | 192.168.1.1 | 61.121.100.107 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
2 | 2006-10-04T18:25:19.326116-0700 | 192.168.1.1 | 210.153.70.38 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
3 | 2006-10-04T18:25:17.011836-0700 | 192.168.1.1 | 203.140.25.50 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
4 | 2006-10-04T18:25:15.563636-0700 | 192.168.1.1 | 84.244.1.30 | ET TROJAN IRC Nick change on non-standard port | *
5 | 2006-10-04T18:25:15.563636-0700 | 192.168.1.1 | 84.244.1.30 | ET TROJAN Likely Bot Nick in IRC (Country Code ISO 3166-1 alpha-3 | *
6 | 2006-10-04T18:25:15.563636-0700 | 192.168.1.1 | 84.244.1.30 | ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and 3 Letter Country Code | *
7 | 2006-10-04T18:25:15.564870-0700 | 192.168.1.1 | 84.244.1.30 | ET TROJAN Likely Bot Username in IRC (XP-..) | *
8 | 2006-10-04T18:25:15.655596-0700 | 192.168.1.1 | 84.244.1.30 | ET POLICY IRC Channel JOIN on non-standard port | *
9 | 2006-10-04T18:25:15.663280-0700 | 192.168.1.1 | 84.244.1.30 | ET POLICY IRC Channel JOIN on non-standard port | *
10 | 2006-10-04T18:25:15.714171-0700 | 192.168.1.1 | 84.244.1.30 | ET POLICY IRC Channel JOIN on non-standard port | *
11 | 2006-10-04T18:25:16.136830-0700 | 192.168.1.1 | 61.121.100.107 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
12 | 2006-10-04T18:25:17.011894-0700 | 192.168.1.1 | 203.140.25.50 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
13 | 2006-10-04T18:25:16.137757-0700 | 192.168.1.1 | 61.121.100.107 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
14 | 2006-10-04T18:25:17.021781-0700 | 192.168.1.1 | 203.140.25.50 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
15 | 2006-10-04T18:25:19.878710-0700 | 192.168.1.1 | 219.163.5.185 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
16 | 2006-10-04T18:25:16.714609-0700 | 192.168.1.1 | 84.244.1.30 | ET TROJAN IRC Private message on non-standard port | *
17 | 2006-10-04T18:25:20.768654-0700 | 192.168.1.1 | 211.8.0.252 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
18 | 2006-10-04T18:25:20.786316-0700 | 192.168.1.1 | 211.8.0.252 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
19 | 2006-10-04T18:25:20.791599-0700 | 192.168.1.1 | 211.8.0.252 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
20 | 2006-10-04T18:25:20.798675-0700 | 192.168.1.1 | 203.140.25.50 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
DNS 18
Showing 1-18 of 18 items.
# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2006-10-04T18:25:13.857590-0700 | 192.168.1.1 | 192.168.1.254 | query | windowsupdate.microsoft.com | A | (not set)
2 | 2006-10-04T18:25:14.625348-0700 | 192.168.1.254 | 192.168.1.1 | answer | windowsupdate.microsoft.com | (not set) | (not set)
3 | 2006-10-04T18:25:15.003214-0700 | 192.168.1.1 | 192.168.1.254 | query | w0rld.secilmisler.com | A | (not set)
4 | 2006-10-04T18:25:15.397543-0700 | 192.168.1.254 | 192.168.1.1 | answer | w0rld.secilmisler.com | (not set) | (not set)
5 | 2006-10-04T18:25:15.582560-0700 | 192.168.1.1 | 192.168.1.254 | query | hpcgi1.nifty.com | A | (not set)
6 | 2006-10-04T18:25:16.130081-0700 | 192.168.1.254 | 192.168.1.1 | answer | hpcgi1.nifty.com | (not set) | (not set)
7 | 2006-10-04T18:25:16.140423-0700 | 192.168.1.1 | 192.168.1.254 | query | www.age.ne.jp | A | (not set)
8 | 2006-10-04T18:25:17.004796-0700 | 192.168.1.254 | 192.168.1.1 | answer | www.age.ne.jp | (not set) | (not set)
9 | 2006-10-04T18:25:17.015558-0700 | 192.168.1.1 | 192.168.1.254 | query | www.kinchan.net | A | (not set)
10 | 2006-10-04T18:25:17.570360-0700 | 192.168.1.254 | 192.168.1.1 | answer | www.kinchan.net | (not set) | (not set)
11 | 2006-10-04T18:25:17.578683-0700 | 192.168.1.1 | 192.168.1.254 | query | cgi14.plala.or.jp | A | (not set)
12 | 2006-10-04T18:25:18.589285-0700 | 192.168.1.1 | 192.168.1.254 | query | cgi14.plala.or.jp | A | (not set)
13 | 2006-10-04T18:25:19.319279-0700 | 192.168.1.254 | 192.168.1.1 | answer | cgi14.plala.or.jp | (not set) | (not set)
14 | 2006-10-04T18:25:19.319501-0700 | 192.168.1.254 | 192.168.1.1 | answer | cgi14.plala.or.jp | (not set) | (not set)
15 | 2006-10-04T18:25:19.328933-0700 | 192.168.1.1 | 192.168.1.254 | query | yia.s22.xrea.com | A | (not set)
16 | 2006-10-04T18:25:19.871919-0700 | 192.168.1.254 | 192.168.1.1 | answer | yia.s22.xrea.com | (not set) | (not set)
17 | 2006-10-04T18:25:19.881435-0700 | 192.168.1.1 | 192.168.1.254 | query | www2.dokidoki.ne.jp | A | (not set)
18 | 2006-10-04T18:25:20.760952-0700 | 192.168.1.254 | 192.168.1.1 | answer | www2.dokidoki.ne.jp | (not set) | (not set)
TLS 0
# | Timestamp | Source IP | Destination IP | TLS Version | Issuer
No results found.
TFTP 0
# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP 34
Showing 1-20 of 34 items.
# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2006-10-04T18:25:14.662404-0700 | 192.168.1.1 | windowsupdate.microsoft.com | 80 | GET | / | 403
2 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www2.dokidoki.ne.jp | 80 | GET | /tomocrus/cgi-bin/check/prxjdg.cgi | 404
3 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www2.dokidoki.ne.jp | 80 | GET | /tomocrus/cgi-bin/check/prxjdg.cgi | 404
4 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www.age.ne.jp | 80 | GET | /x/maxwell/cgi-bin/prxjdg.cgi | 404
5 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www.kinchan.net | 80 | GET | /cgi-bin/proxy.cgi | 404
6 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www.age.ne.jp | 80 | GET | /x/maxwell/cgi-bin/prxjdg.cgi | 404
7 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www.age.ne.jp | 80 | GET | /x/maxwell/cgi-bin/prxjdg.cgi | 404
8 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www.kinchan.net | 80 | GET | /cgi-bin/proxy.cgi | 404
9 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | cgi14.plala.or.jp | 80 | GET | /little_w/prxjdg.cgi | 404
10 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www2.dokidoki.ne.jp | 80 | GET | /tomocrus/cgi-bin/check/prxjdg.cgi | 404
11 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www.kinchan.net | 80 | GET | /cgi-bin/proxy.cgi | 404
12 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www2.dokidoki.ne.jp | 80 | GET | /tomocrus/cgi-bin/check/prxjdg.cgi | 404
13 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www.age.ne.jp | 80 | GET | /x/maxwell/cgi-bin/prxjdg.cgi | 404
14 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www.kinchan.net | 80 | GET | /cgi-bin/proxy.cgi | 404
15 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www2.dokidoki.ne.jp | 80 | GET | /tomocrus/cgi-bin/check/prxjdg.cgi | 404
16 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www2.dokidoki.ne.jp | 80 | GET | /tomocrus/cgi-bin/check/prxjdg.cgi | 404
17 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www.age.ne.jp | 80 | GET | /x/maxwell/cgi-bin/prxjdg.cgi | 404
18 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www.kinchan.net | 80 | GET | /cgi-bin/proxy.cgi | 404
19 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www.age.ne.jp | 80 | GET | /x/maxwell/cgi-bin/prxjdg.cgi | 404
20 | 2006-10-04T18:25:20.812357-0700 | 192.168.1.1 | www.age.ne.jp | 80 | GET | /x/maxwell/cgi-bin/prxjdg.cgi | 404
SMB 0
# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.
SMTP 0
# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow 36
Showing 1-20 of 36 items.
# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2006-10-04T18:25:20.812357-0700 | 1127482048693711 | flow | 192.168.1.1 | 1120 | 211.8.0.252 | 80 | TCP | pcapanalyzer
2 | 2006-10-04T18:25:20.812357-0700 | 847480245565673 | flow | 192.168.1.1 | 1109 | 202.189.151.5 | 80 | TCP | pcapanalyzer
3 | 2006-10-04T18:25:20.812357-0700 | 1833443675628685 | flow | 192.168.1.1 | 1133 | 203.140.25.50 | 80 | TCP | pcapanalyzer
4 | 2006-10-04T18:25:20.812357-0700 | 1839190341492610 | flow | 192.168.1.1 | 1099 | 207.46.18.94 | 80 | TCP | pcapanalyzer
5 | 2006-10-04T18:25:20.812357-0700 | 1137463552350060 | flow | 192.168.1.1 | 1101 | 84.244.1.30 | 5050 | TCP | pcapanalyzer
6 | 2006-10-04T18:25:20.812357-0700 | 1563945215238857 | flow | 192.168.1.1 | 1118 | 211.8.0.252 | 80 | TCP | pcapanalyzer
7 | 2006-10-04T18:25:20.812357-0700 | 721764405495400 | flow | 192.168.1.1 | 1130 | 203.140.25.50 | 80 | TCP | pcapanalyzer
8 | 2006-10-04T18:25:20.812357-0700 | 1006228679426110 | flow | 192.168.1.1 | 1124 | 202.189.151.5 | 80 | TCP | pcapanalyzer
9 | 2006-10-04T18:25:20.812357-0700 | 162070037287902 | flow | 192.168.1.1 | 1132 | 211.8.0.252 | 80 | TCP | pcapanalyzer
10 | 2006-10-04T18:25:20.812357-0700 | 2135324041950441 | flow | 192.168.1.1 | 1129 | 203.140.25.50 | 80 | TCP | pcapanalyzer
11 | 2006-10-04T18:25:20.812357-0700 | 305957883984218 | flow | 192.168.1.1 | 1108 | 202.189.151.5 | 80 | TCP | pcapanalyzer
12 | 2006-10-04T18:25:20.812357-0700 | 1716693579335383 | flow | 192.168.1.1 | 1103 | 61.121.100.107 | 80 | TCP | pcapanalyzer
13 | 2006-10-04T18:25:20.812357-0700 | 1437333874271362 | flow | 192.168.1.1 | 1111 | 210.153.70.38 | 80 | TCP | pcapanalyzer
14 | 2006-10-04T18:25:20.812357-0700 | 2148829566146038 | flow | 192.168.1.1 | 1025 | 192.168.1.254 | 53 | UDP | pcapanalyzer
15 | 2006-10-04T18:25:20.812357-0700 | 888333974627574 | flow | 192.168.1.1 | 1112 | 210.153.70.38 | 80 | TCP | pcapanalyzer
16 | 2006-10-04T18:25:20.812357-0700 | 1734193423884888 | flow | 192.168.1.1 | 1117 | 211.8.0.252 | 80 | TCP | pcapanalyzer
17 | 2006-10-04T18:25:20.812357-0700 | 473646292280231 | flow | 192.168.1.1 | 1127 | 202.189.151.5 | 80 | TCP | pcapanalyzer
18 | 2006-10-04T18:25:20.812357-0700 | 1459586099794584 | flow | 192.168.1.1 | 1114 | 219.163.5.185 | 80 | TCP | pcapanalyzer
19 | 2006-10-04T18:25:20.812357-0700 | 1039549035770637 | flow | 192.168.1.1 | 1123 | 202.189.151.5 | 80 | TCP | pcapanalyzer
20 | 2006-10-04T18:25:20.812357-0700 | 1180585024253564 | flow | 192.168.1.1 | 1116 | 219.163.5.185 | 80 | TCP | pcapanalyzer
File 34
Showing 1-20 of 34 items.
# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2006-10-04T18:25:14.662404-0700 | 207.46.18.94 | 192.168.1.1 | / | HTML document, ASCII text | 3985
2 | 2006-10-04T18:25:20.812357-0700 | 211.8.0.252 | 192.168.1.1 | /tomocrus/cgi-bin/check/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
3 | 2006-10-04T18:25:20.812357-0700 | 211.8.0.252 | 192.168.1.1 | /tomocrus/cgi-bin/check/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
4 | 2006-10-04T18:25:20.812357-0700 | 202.189.151.5 | 192.168.1.1 | /cgi-bin/proxy.cgi | XML 1.0 document, ASCII text | 1117
5 | 2006-10-04T18:25:20.812357-0700 | 203.140.25.50 | 192.168.1.1 | /x/maxwell/cgi-bin/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
6 | 2006-10-04T18:25:20.812357-0700 | 203.140.25.50 | 192.168.1.1 | /x/maxwell/cgi-bin/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
7 | 2006-10-04T18:25:20.812357-0700 | 203.140.25.50 | 192.168.1.1 | /x/maxwell/cgi-bin/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
8 | 2006-10-04T18:25:20.812357-0700 | 202.189.151.5 | 192.168.1.1 | /cgi-bin/proxy.cgi | XML 1.0 document, ASCII text | 1117
9 | 2006-10-04T18:25:20.812357-0700 | 210.153.70.38 | 192.168.1.1 | /little_w/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
10 | 2006-10-04T18:25:20.812357-0700 | 211.8.0.252 | 192.168.1.1 | /tomocrus/cgi-bin/check/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
11 | 2006-10-04T18:25:20.812357-0700 | 211.8.0.252 | 192.168.1.1 | /tomocrus/cgi-bin/check/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
12 | 2006-10-04T18:25:20.812357-0700 | 203.140.25.50 | 192.168.1.1 | /x/maxwell/cgi-bin/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
13 | 2006-10-04T18:25:20.812357-0700 | 202.189.151.5 | 192.168.1.1 | /cgi-bin/proxy.cgi | XML 1.0 document, ASCII text | 1117
14 | 2006-10-04T18:25:20.812357-0700 | 211.8.0.252 | 192.168.1.1 | /tomocrus/cgi-bin/check/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
15 | 2006-10-04T18:25:20.812357-0700 | 211.8.0.252 | 192.168.1.1 | /tomocrus/cgi-bin/check/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
16 | 2006-10-04T18:25:20.812357-0700 | 203.140.25.50 | 192.168.1.1 | /x/maxwell/cgi-bin/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
17 | 2006-10-04T18:25:20.812357-0700 | 203.140.25.50 | 192.168.1.1 | /x/maxwell/cgi-bin/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
18 | 2006-10-04T18:25:20.812357-0700 | 203.140.25.50 | 192.168.1.1 | /x/maxwell/cgi-bin/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
19 | 2006-10-04T18:25:20.812357-0700 | 202.189.151.5 | 192.168.1.1 | /cgi-bin/proxy.cgi | XML 1.0 document, ASCII text | 1117
20 | 2006-10-04T18:25:20.812357-0700 | 203.140.25.50 | 192.168.1.1 | /x/maxwell/cgi-bin/prxjdg.cgi | XML 1.0 document, ASCII text | 1117

Comments: (not set)