Table 2 Scan detected from live traffic
Field | Value(s) – scan 1 | Value(s) – scan 2 | Value(s) – scan 3 |
|---|---|---|---|
Scan duration | 6Â minutes, 7Â seconds | 2.8Â seconds | 7Â hours, 48Â minutes |
Protocol | TCP | ICMP and TCP | ICMP |
Flags | SYN or SYN-ACK | SYN or SYN-ACK (TCP only) | N/A |
Source IP (anonymized) | 10.141.12.103 | 10.97.54.7 | 10.60.88.39 |
Source ports | Constant | Varied between 4 values | N/A |
Destination IPs (anonymized) | 84 within 172.40.102.0/24 | 29 within 172.198.57.0/24 | 7 within 172.198.57.0/24 |
110 within 172.45.99.0/24 | |||
122 within 172.110.117.0/24 | |||
Destination ports | Constant | Constant (when TCP) | N/A |
Packets transmitted | 3 per contact | 6 (ICMP) or 1 (TCP) per contact | 1 or 3 per contact |
Total bytes transmitted | 186 per contact | 420 (ICMP) or 62 (TCP) per contact | 70 bytes per packet |
Data bytes transmitted | 24 per contact | 48 (ICMP) or 8 (TCP) per contact | 8 bytes per packet |