Behavioral task
behavioral1
Sample
Walter Goralski - The Illustrated Network_ How TCP_IP Works in a Modern Network-Morgan Kaufmann (2017).pdf
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
Walter Goralski - The Illustrated Network_ How TCP_IP Works in a Modern Network-Morgan Kaufmann (2017).pdf
Resource
win10v2004-20230915-en
General
-
Target
Walter Goralski - The Illustrated Network_ How TCP_IP Works in a Modern Network-Morgan Kaufmann (2017).pdf
-
Size
9.0MB
-
MD5
bf36414750525d9f95fe92d283b3570e
-
SHA1
e8feb904d4f30bc1cae24f8a1ea260a522cd5470
-
SHA256
b919251b13640390141b6079d9dd05239866a25d4e633f7d5d5955949c346d9d
-
SHA512
2ab7b4bdb7a6e9b38e8ba2662b771bd662fd303c4434ba6a4a156ea22cff7a594368eb587e63e4040a942602f3824d1a006d11a8dc35f00f416f308c72a469f7
-
SSDEEP
196608:O7TSmKflEUrmbcfE30WIoUxhWaiz8qyMz4m/TnGf:O7TwtqbYWexUai4qyM4m/zE
Malware Config
Signatures
Files
-
Walter Goralski - The Illustrated Network_ How TCP_IP Works in a Modern Network-Morgan Kaufmann (2017).pdf.pdf