00.pcap

MD5: c3866f619e9dd74add82dce9b6c9481e
Submission Date: 2019-01-28 03:06:01
Tags: (not set)
Alert 78
Showing 61-78 of 78 items.
# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
61 | 2006-10-04T18:25:20.810783-0700 | 192.168.1.1 | 203.140.25.50 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
62 | 2006-10-04T18:25:20.786316-0700 | 192.168.1.1 | 211.8.0.252 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
63 | 2006-10-04T18:25:19.326116-0700 | 192.168.1.1 | 210.153.70.38 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
64 | 2006-10-04T18:25:20.817850-0700 | 192.168.1.1 | 203.140.25.50 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
65 | 2006-10-04T18:25:20.791599-0700 | 192.168.1.1 | 211.8.0.252 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
66 | 2006-10-04T18:25:19.878710-0700 | 192.168.1.1 | 219.163.5.185 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
67 | 2006-10-04T18:25:19.886781-0700 | 192.168.1.1 | 219.163.5.185 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
68 | 2006-10-04T18:25:20.720190-0700 | 192.168.1.1 | 84.244.1.30 | ET TROJAN IRC Private message on non-standard port | *
69 | 2006-10-04T18:25:20.768654-0700 | 192.168.1.1 | 211.8.0.252 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
70 | 2006-10-04T18:25:20.796063-0700 | 192.168.1.1 | 203.140.25.50 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
71 | 2006-10-04T18:25:20.798675-0700 | 192.168.1.1 | 203.140.25.50 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
72 | 2006-10-04T18:25:20.806494-0700 | 192.168.1.1 | 203.140.25.50 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
73 | 2006-10-04T18:25:20.812296-0700 | 192.168.1.1 | 211.8.0.252 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
74 | 2006-10-04T18:25:20.816597-0700 | 192.168.1.1 | 211.8.0.252 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
75 | 2006-10-04T18:25:20.824988-0700 | 192.168.1.1 | 211.8.0.252 | ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) | *
76 | 2006-10-04T18:25:24.725852-0700 | 192.168.1.1 | 84.244.1.30 | ET TROJAN IRC Private message on non-standard port | *
77 | 2006-10-04T18:25:20.791974-0700 | 192.168.1.1 | 84.244.1.30 | ET TROJAN Likely Bot Nick in IRC (Country Code ISO 3166-1 alpha-3 | *
78 | 2006-10-04T18:25:20.791974-0700 | 192.168.1.1 | 84.244.1.30 | ET TROJAN SUSPICIOUS IRC - NICK and 3 Letter Country Code | *
DNS 36
Showing 1-20 of 36 items.
# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2006-10-04T18:25:13.857590-0700 | 192.168.1.1 | 192.168.1.254 | query | windowsupdate.microsoft.com | A | (not set)
2 | 2006-10-04T18:25:14.625348-0700 | 192.168.1.254 | 192.168.1.1 | answer | windowsupdate.microsoft.com | A | (not set)
3 | 2006-10-04T18:25:15.003214-0700 | 192.168.1.1 | 192.168.1.254 | query | w0rld.secilmisler.com | A | (not set)
4 | 2006-10-04T18:25:15.397543-0700 | 192.168.1.254 | 192.168.1.1 | answer | w0rld.secilmisler.com | A | (not set)
5 | 2006-10-04T18:25:15.582560-0700 | 192.168.1.1 | 192.168.1.254 | query | hpcgi1.nifty.com | A | (not set)
6 | 2006-10-04T18:25:16.130081-0700 | 192.168.1.254 | 192.168.1.1 | answer | hpcgi1.nifty.com | A | (not set)
7 | 2006-10-04T18:25:16.140423-0700 | 192.168.1.1 | 192.168.1.254 | query | www.age.ne.jp | A | (not set)
8 | 2006-10-04T18:25:17.004796-0700 | 192.168.1.254 | 192.168.1.1 | answer | www.age.ne.jp | A | (not set)
9 | 2006-10-04T18:25:17.015558-0700 | 192.168.1.1 | 192.168.1.254 | query | www.kinchan.net | A | (not set)
10 | 2006-10-04T18:25:17.570360-0700 | 192.168.1.254 | 192.168.1.1 | answer | www.kinchan.net | A | (not set)
11 | 2006-10-04T18:25:17.578683-0700 | 192.168.1.1 | 192.168.1.254 | query | cgi14.plala.or.jp | A | (not set)
12 | 2006-10-04T18:25:18.589285-0700 | 192.168.1.1 | 192.168.1.254 | query | cgi14.plala.or.jp | A | (not set)
13 | 2006-10-04T18:25:19.319279-0700 | 192.168.1.254 | 192.168.1.1 | answer | cgi14.plala.or.jp | A | (not set)
14 | 2006-10-04T18:25:19.319501-0700 | 192.168.1.254 | 192.168.1.1 | answer | cgi14.plala.or.jp | A | (not set)
15 | 2006-10-04T18:25:19.328933-0700 | 192.168.1.1 | 192.168.1.254 | query | yia.s22.xrea.com | A | (not set)
16 | 2006-10-04T18:25:19.871919-0700 | 192.168.1.254 | 192.168.1.1 | answer | yia.s22.xrea.com | A | (not set)
17 | 2006-10-04T18:25:19.881435-0700 | 192.168.1.1 | 192.168.1.254 | query | www2.dokidoki.ne.jp | A | (not set)
18 | 2006-10-04T18:25:20.760952-0700 | 192.168.1.254 | 192.168.1.1 | answer | www2.dokidoki.ne.jp | A | (not set)
19 | 2006-10-04T18:25:13.857590-0700 | 192.168.1.1 | 192.168.1.254 | query | windowsupdate.microsoft.com | A | (not set)
20 | 2006-10-04T18:25:14.625348-0700 | 192.168.1.254 | 192.168.1.1 | answer | windowsupdate.microsoft.com | A | (not set)
TLS 0
# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
No results found.
TFTP 0
# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP 68
Showing 1-20 of 68 items.
# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2006-10-04T18:25:14.662404-0700 | 192.168.1.1 | windowsupdate.microsoft.com | 80 | GET | / | 403
2 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | cgi14.plala.or.jp | 80 | GET | /little_w/prxjdg.cgi | 404
3 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | www2.dokidoki.ne.jp | 80 | GET | /tomocrus/cgi-bin/check/prxjdg.cgi | 404
4 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | www2.dokidoki.ne.jp | 80 | GET | /tomocrus/cgi-bin/check/prxjdg.cgi | 404
5 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | www.age.ne.jp | 80 | GET | /x/maxwell/cgi-bin/prxjdg.cgi | 404
6 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | yia.s22.xrea.com | 80 | GET | /prxjdg.cgi | 404
7 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | yia.s22.xrea.com | 80 | GET | /prxjdg.cgi | 404
8 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | www.age.ne.jp | 80 | GET | /x/maxwell/cgi-bin/prxjdg.cgi | 404
9 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | www.age.ne.jp | 80 | GET | /x/maxwell/cgi-bin/prxjdg.cgi | 404
10 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | cgi14.plala.or.jp | 80 | GET | /little_w/prxjdg.cgi | 404
11 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | hpcgi1.nifty.com | 80 | GET | /mute/c/prxjdg.cgi | 404
12 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | www2.dokidoki.ne.jp | 80 | GET | /tomocrus/cgi-bin/check/prxjdg.cgi | 404
13 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | www2.dokidoki.ne.jp | 80 | GET | /tomocrus/cgi-bin/check/prxjdg.cgi | 404
14 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | www2.dokidoki.ne.jp | 80 | GET | /tomocrus/cgi-bin/check/prxjdg.cgi | 404
15 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | www.kinchan.net | 80 | GET | /cgi-bin/proxy.cgi | 404
16 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | www.age.ne.jp | 80 | GET | /x/maxwell/cgi-bin/prxjdg.cgi | 404
17 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | cgi14.plala.or.jp | 80 | GET | /little_w/prxjdg.cgi | 404
18 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | www.kinchan.net | 80 | GET | /cgi-bin/proxy.cgi | 404
19 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | hpcgi1.nifty.com | 80 | GET | /mute/c/prxjdg.cgi | 404
20 | 2006-10-04T18:25:20.810870-0700 | 192.168.1.1 | www.kinchan.net | 80 | GET | /cgi-bin/proxy.cgi | 404
SMB 0
# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.
SMTP 0
# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow 72
Showing 41-60 of 72 items.
# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
41 | 2006-10-04T18:25:20.791974-0700 | 11348897492218 | flow | 192.168.1.1 | 1122 | 211.8.0.252 | 80 | TCP | pcapanalyzer
42 | 2006-10-04T18:25:20.791974-0700 | 586928202237391 | flow | 192.168.1.1 | 1120 | 211.8.0.252 | 80 | TCP | pcapanalyzer
43 | 2006-10-04T18:25:20.791974-0700 | 30135084377218 | flow | 192.168.1.1 | 1111 | 210.153.70.38 | 80 | TCP | pcapanalyzer
44 | 2006-10-04T18:25:20.791974-0700 | 1864139806414326 | flow | 192.168.1.1 | 1025 | 192.168.1.254 | 53 | UDP | pcapanalyzer
45 | 2006-10-04T18:25:20.791974-0700 | 35922552848986 | flow | 192.168.1.1 | 1134 | 211.8.0.252 | 80 | TCP | pcapanalyzer
46 | 2006-10-04T18:25:20.791974-0700 | 1865707469886201 | flow | 192.168.1.1 | 1115 | 219.163.5.185 | 80 | TCP | pcapanalyzer
47 | 2006-10-04T18:25:20.791974-0700 | 1166901258223654 | flow | 192.168.1.1 | 1102 | 61.121.100.107 | 80 | TCP | pcapanalyzer
48 | 2006-10-04T18:25:20.791974-0700 | 2012805804892873 | flow | 192.168.1.1 | 1118 | 211.8.0.252 | 80 | TCP | pcapanalyzer
49 | 2006-10-04T18:25:20.791974-0700 | 1452656170062488 | flow | 192.168.1.1 | 1114 | 219.163.5.185 | 80 | TCP | pcapanalyzer
50 | 2006-10-04T18:25:20.791974-0700 | 1312846394729048 | flow | 192.168.1.1 | 1117 | 211.8.0.252 | 80 | TCP | pcapanalyzer
51 | 2006-10-04T18:25:20.791974-0700 | 2025314897118824 | flow | 192.168.1.1 | 1130 | 203.140.25.50 | 80 | TCP | pcapanalyzer
52 | 2006-10-04T18:25:20.791974-0700 | 1755369759840702 | flow | 192.168.1.1 | 1104 | 61.121.100.107 | 80 | TCP | pcapanalyzer
53 | 2006-10-04T18:25:20.791974-0700 | 1477753811357398 | flow | 192.168.1.1 | 1110 | 202.189.151.5 | 80 | TCP | pcapanalyzer
54 | 2006-10-04T18:25:20.791974-0700 | 1765026994064936 | flow | 192.168.1.1 | 1125 | 203.140.25.50 | 80 | TCP | pcapanalyzer
55 | 2006-10-04T18:25:20.791974-0700 | 1484986536420598 | flow | 192.168.1.1 | 1112 | 210.153.70.38 | 80 | TCP | pcapanalyzer
56 | 2006-10-04T18:25:20.791974-0700 | 1907443814636464 | flow | 192.168.1.1 | 1126 | 203.140.25.50 | 80 | TCP | pcapanalyzer
57 | 2006-10-04T18:25:20.791974-0700 | 782377131504397 | flow | 192.168.1.1 | 1123 | 202.189.151.5 | 80 | TCP | pcapanalyzer
58 | 2006-10-04T18:25:20.791974-0700 | 84962489112428 | flow | 192.168.1.1 | 1101 | 84.244.1.30 | 5050 | TCP | pcapanalyzer
59 | 2006-10-04T18:25:20.791974-0700 | 1639384168267838 | flow | 192.168.1.1 | 1124 | 202.189.151.5 | 80 | TCP | pcapanalyzer
60 | 2006-10-04T18:25:20.791974-0700 | 1923152657254103 | flow | 192.168.1.1 | 1103 | 61.121.100.107 | 80 | TCP | pcapanalyzer
File 68
Showing 1-20 of 68 items.
# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2006-10-04T18:25:14.662404-0700 | 207.46.18.94 | 192.168.1.1 | / | HTML document, ASCII text | 3985
2 | 2006-10-04T18:25:20.810870-0700 | 210.153.70.38 | 192.168.1.1 | /little_w/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
3 | 2006-10-04T18:25:20.810870-0700 | 211.8.0.252 | 192.168.1.1 | /tomocrus/cgi-bin/check/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
4 | 2006-10-04T18:25:20.810870-0700 | 211.8.0.252 | 192.168.1.1 | /tomocrus/cgi-bin/check/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
5 | 2006-10-04T18:25:20.810870-0700 | 203.140.25.50 | 192.168.1.1 | /x/maxwell/cgi-bin/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
6 | 2006-10-04T18:25:20.810870-0700 | 219.163.5.185 | 192.168.1.1 | /prxjdg.cgi | XML 1.0 document, ASCII text | 1117
7 | 2006-10-04T18:25:20.810870-0700 | 219.163.5.185 | 192.168.1.1 | /prxjdg.cgi | XML 1.0 document, ASCII text | 1117
8 | 2006-10-04T18:25:20.810870-0700 | 203.140.25.50 | 192.168.1.1 | /x/maxwell/cgi-bin/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
9 | 2006-10-04T18:25:20.810870-0700 | 203.140.25.50 | 192.168.1.1 | /x/maxwell/cgi-bin/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
10 | 2006-10-04T18:25:20.810870-0700 | 210.153.70.38 | 192.168.1.1 | /little_w/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
11 | 2006-10-04T18:25:20.810870-0700 | 211.8.0.252 | 192.168.1.1 | /tomocrus/cgi-bin/check/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
12 | 2006-10-04T18:25:20.810870-0700 | 61.121.100.107 | 192.168.1.1 | /mute/c/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
13 | 2006-10-04T18:25:20.810870-0700 | 211.8.0.252 | 192.168.1.1 | /tomocrus/cgi-bin/check/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
14 | 2006-10-04T18:25:20.810870-0700 | 211.8.0.252 | 192.168.1.1 | /tomocrus/cgi-bin/check/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
15 | 2006-10-04T18:25:20.810870-0700 | 202.189.151.5 | 192.168.1.1 | /cgi-bin/proxy.cgi | XML 1.0 document, ASCII text | 1117
16 | 2006-10-04T18:25:20.810870-0700 | 203.140.25.50 | 192.168.1.1 | /x/maxwell/cgi-bin/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
17 | 2006-10-04T18:25:20.810870-0700 | 202.189.151.5 | 192.168.1.1 | /cgi-bin/proxy.cgi | XML 1.0 document, ASCII text | 1117
18 | 2006-10-04T18:25:20.810870-0700 | 61.121.100.107 | 192.168.1.1 | /mute/c/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
19 | 2006-10-04T18:25:20.810870-0700 | 210.153.70.38 | 192.168.1.1 | /little_w/prxjdg.cgi | XML 1.0 document, ASCII text | 1117
20 | 2006-10-04T18:25:20.810870-0700 | 202.189.151.5 | 192.168.1.1 | /cgi-bin/proxy.cgi | XML 1.0 document, ASCII text | 1117

Comments: (not set)
