Alert Table for 2017-07-22-traffic-analysis-exercise.pcap

Relative Time Packet Source Source Port Destination Dest Port Category Rule Set Signature Severity
0.0 n/a 23.92.189.245 80 172.16.45.52 49387 Generic Protocol Command Decode SURICATA HTTP unable to match response to request 3
0.0 n/a 23.92.189.245 80 172.16.45.52 49396 Generic Protocol Command Decode SURICATA HTTP unable to match response to request 3
0.0 n/a 63.217.21.34 80 172.16.45.52 49170 Generic Protocol Command Decode SURICATA HTTP unable to match response to request 3
355.0 1854 172.16.45.98 49158 78.47.139.102 80 Device Retrieving External IP Address Detected ET POLICY External IP Check myexternalip.com 2
355.0 1857 172.16.45.98 49159 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
355.0 1857 172.16.45.98 49159 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
355.0 1865 172.16.45.98 49159 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
355.0 1865 172.16.45.98 49159 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
356.0 1877 172.16.45.98 49159 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
356.0 1877 172.16.45.98 49159 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
357.0 1891 172.16.45.98 49159 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
357.0 1891 172.16.45.98 49159 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
357.0 1899 172.16.45.98 49159 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
357.0 1899 172.16.45.98 49159 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
417.0 9040 172.16.45.98 49161 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
417.0 9040 172.16.45.98 49161 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
418.0 9111 172.16.45.98 49161 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
418.0 9111 172.16.45.98 49161 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
429.0 9888 172.16.45.98 49160 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
429.0 9888 172.16.45.98 49160 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
429.0 9896 172.16.45.98 49160 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
429.0 9896 172.16.45.98 49160 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
429.0 9904 172.16.45.98 49160 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
429.0 9904 172.16.45.98 49160 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
460.0 20878 23.48.156.193 80 172.16.45.52 49279 Generic Protocol Command Decode SURICATA STREAM excessive retransmissions 3
478.0 24328 172.16.45.98 49160 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
478.0 24328 172.16.45.98 49160 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
478.0 24336 172.16.45.98 49160 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
478.0 24336 172.16.45.98 49160 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
491.0 24366 173.241.250.143 80 172.16.45.52 49327 Generic Protocol Command Decode SURICATA HTTP unable to match response to request 3
501.0 24559 23.10.145.199 80 172.16.45.52 49315 Generic Protocol Command Decode SURICATA HTTP unable to match response to request 3
501.0 24563 69.174.248.197 80 172.16.45.52 49250 Generic Protocol Command Decode SURICATA HTTP unable to match response to request 3
501.0 24604 192.31.109.32 80 172.16.45.52 49374 Generic Protocol Command Decode SURICATA HTTP unable to match response to request 3
501.0 24606 63.217.21.27 80 172.16.45.52 49248 Generic Protocol Command Decode SURICATA HTTP unable to match response to request 3
501.0 24607 63.217.21.24 80 172.16.45.52 49212 Generic Protocol Command Decode SURICATA HTTP unable to match response to request 3
501.0 24610 23.203.230.101 80 172.16.45.52 49359 Generic Protocol Command Decode SURICATA HTTP unable to match response to request 3
501.0 24620 192.31.109.33 80 172.16.45.52 49235 Generic Protocol Command Decode SURICATA HTTP unable to match response to request 3
501.0 24623 23.203.230.101 80 172.16.45.52 49229 Generic Protocol Command Decode SURICATA HTTP unable to match response to request 3
501.0 24624 23.203.229.17 80 172.16.45.52 49334 Generic Protocol Command Decode SURICATA HTTP unable to match response to request 3
538.0 24807 172.16.45.98 49162 104.18.41.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
538.0 24807 172.16.45.98 49162 104.18.41.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
539.0 24816 172.16.45.98 49162 104.18.41.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
539.0 24816 172.16.45.98 49162 104.18.41.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
599.0 24942 172.16.45.98 49163 104.18.41.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
599.0 24942 172.16.45.98 49163 104.18.41.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
599.0 24950 172.16.45.98 49163 104.18.41.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
599.0 24950 172.16.45.98 49163 104.18.41.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
660.0 25452 172.16.45.98 49164 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
660.0 25452 172.16.45.98 49164 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
660.0 25460 172.16.45.98 49164 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
660.0 25460 172.16.45.98 49164 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
720.0 25529 172.16.45.98 49166 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
720.0 25529 172.16.45.98 49166 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
720.0 25537 172.16.45.98 49166 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no referer 1
720.0 25537 172.16.45.98 49166 104.18.40.172 80 A Network Trojan was detected ET MALWARE Trojan Generic - POST To gate.php with no accept headers 1
731.0 25547 63.217.21.41 80 172.16.45.52 49408 Generic Protocol Command Decode SURICATA HTTP unable to match response to request 3