+++ /dev/null
-#!/usr/local/bin/python2.7
-
-""" -----------------------------------------------------------------------------
- CAPture - a pcap file analyzer and report generator
- (c) 2017 - Rahmadi Trimananda
- University of California, Irvine - Programming Language and Systems
- -----------------------------------------------------------------------------
- Credits to tutorial: https://dpkt.readthedocs.io/en/latest/
- -----------------------------------------------------------------------------
-"""
-
-import datetime
-import dpkt
-from dpkt.compat import compat_ord
-
-import socket
-import sys
-
-""" -----------------------------------------------------------------------------
- Global variable declarations
- -----------------------------------------------------------------------------
-"""
-# Command line arguments
-INPUT = "-i"
-OUTPUT = "-o"
-POINT_TO_MANY = "-pm"
-VERBOSE = "-v"
-
-
-def mac_addr(address):
- # Courtesy of: https://dpkt.readthedocs.io/en/latest/
- """ Convert a MAC address to a readable/printable string
- Args:
- address (str): a MAC address in hex form (e.g. '\x01\x02\x03\x04\x05\x06')
- Returns:
- str: Printable/readable MAC address
- """
- return ':'.join('%02x' % compat_ord(b) for b in address)
-
-
-def inet_to_str(inet):
- # Courtesy of: https://dpkt.readthedocs.io/en/latest/
- """ Convert inet object to a string
- Args:
- inet (inet struct): inet network address
- Returns:
- str: Printable/readable IP address
- """
- # First try ipv4 and then ipv6
- try:
- return socket.inet_ntop(socket.AF_INET, inet)
- except ValueError:
- return socket.inet_ntop(socket.AF_INET6, inet)
-
-
-def show_usage():
- """ Show usage of this Python script
- """
- print "Usage: python CAPture.py [ -i <file-name>.pcap ] [ -o <file-name>.pcap ] [ -pm ] [ -v ]"
- print
- print "[ -o ] = output file"
- print "[ -pm ] = point-to-many analysis"
- print "[ -v ] = verbose output"
- print "By default, this script does simple statistical analysis of IP, TCP, and UDP packets."
- print "(c) 2017 - University of California, Irvine - Programming Language and Systems"
-
-
-def show_progress(verbose, counter):
- """ Show packet processing progress
- Args:
- verbose: verbose output (True/False)
- counter: counter of all packets
- """
- if verbose:
- print "Processing packet number: ", counter
- else:
- if counter % 100000 == 0:
- print "Processing %s packets..." % counter
-
-
-def show_summary(counter, ip_counter, tcp_counter, udp_counter):
- """ Show summary of statistics of PCAP file
- Args:
- counter: counter of all packets
- ip_counter: counter of all IP packets
- tcp_counter: counter of all TCP packets
- udp_counter: counter of all UDP packets
- """
- print
- print "Total number of packets in the pcap file: ", counter
- print "Total number of ip packets: ", ip_counter
- print "Total number of tcp packets: ", tcp_counter
- print "Total number of udp packets: ", udp_counter
- print
-
-
-def save_to_file(tbl_header, dictionary, filename_out):
- """ Show summary of statistics of PCAP file
- Args:
- tbl_header: header for the saved table
- dictionary: dictionary to be saved
- filename_out: file name to save
- """
- # Appending, not overwriting!
- f = open(filename_out, 'a')
- # Write the table header
- f.write("\n\n" + str(tbl_header) + "\n");
- # Iterate over dictionary and write (key, value) pairs
- for key, value in dictionary.iteritems():
- f.write(str(key) + ", " + str(value) + "\n")
-
- f.close()
- print "Writing output to file: ", filename_out
-
-
-def statistical_analysis(verbose, pcap, counter, ip_counter, tcp_counter, udp_counter):
- """ This is the default analysis of packet statistics (generic)
- Args:
- verbose: verbose output (True/False)
- pcap: object that handles PCAP file content
- counter: counter of all packets
- ip_counter: counter of all IP packets
- tcp_counter: counter of all TCP packets
- udp_counter: counter of all UDP packets
- """
- for time_stamp, packet in pcap:
-
- counter += 1
- eth = dpkt.ethernet.Ethernet(packet)
-
- if verbose:
- # Print out the timestamp in UTC
- print "Timestamp: ", str(datetime.datetime.utcfromtimestamp(time_stamp))
- # Print out the MAC addresses
- print "Ethernet frame: ", mac_addr(eth.src), mac_addr(eth.dst), eth.data.__class__.__name__
-
- # Process only IP data
- if not isinstance(eth.data, dpkt.ip.IP):
-
- is_ip = False
- if verbose:
- print "Non IP packet type not analyzed... skipping..."
- else:
- is_ip = True
-
- if is_ip:
- ip = eth.data
- ip_counter += 1
-
- # Pull out fragment information (flags and offset all packed into off field, so use bitmasks)
- do_not_fragment = bool(ip.off & dpkt.ip.IP_DF)
- more_fragments = bool(ip.off & dpkt.ip.IP_MF)
- fragment_offset = ip.off & dpkt.ip.IP_OFFMASK
-
- if verbose:
- # Print out the complete IP information
- print "IP: %s -> %s (len=%d ttl=%d DF=%d MF=%d offset=%d)\n" % \
- (inet_to_str(ip.src), inet_to_str(ip.dst), ip.len, ip.ttl, do_not_fragment,
- more_fragments, fragment_offset)
-
- # Count TCP packets
- if ip.p == dpkt.ip.IP_PROTO_TCP:
- tcp_counter += 1
-
- # Count UDP packets
- if ip.p == dpkt.ip.IP_PROTO_UDP:
- udp_counter += 1
-
- show_progress(verbose, counter)
-
- # Print general statistics
- show_summary(counter, ip_counter, tcp_counter, udp_counter)
-
-
-def point_to_many_analysis(filename_out, dev_add, verbose, pcap, counter, ip_counter,
- tcp_counter, udp_counter):
- """ This analysis presents how 1 device (MAC address or IP address) communicates
- to every other device in the analyzed PCAP file.
- Args:
- dev_add: device address (MAC or IP address)
- verbose: verbose output (True/False)
- pcap: object that handles PCAP file content
- counter: counter of all packets
- ip_counter: counter of all IP packets
- tcp_counter: counter of all TCP packets
- udp_counter: counter of all UDP packets
- """
- # Dictionary that preserves the mapping between destination address to frequency
- mac2freq = dict()
- ip2freq = dict()
- for time_stamp, packet in pcap:
-
- counter += 1
- eth = dpkt.ethernet.Ethernet(packet)
-
- # Save the timestamp and MAC addresses
- tstamp = str(datetime.datetime.utcfromtimestamp(time_stamp))
- mac_src = mac_addr(eth.src)
- mac_dst = mac_addr(eth.dst)
-
- # Process only IP data
- if not isinstance(eth.data, dpkt.ip.IP):
-
- is_ip = False
- if verbose:
- print "Non IP packet type not analyzed... skipping..."
- print
- else:
- is_ip = True
-
- if is_ip:
- ip = eth.data
- ip_counter += 1
-
- # Pull out fragment information (flags and offset all packed into off field, so use bitmasks)
- do_not_fragment = bool(ip.off & dpkt.ip.IP_DF)
- more_fragments = bool(ip.off & dpkt.ip.IP_MF)
- fragment_offset = ip.off & dpkt.ip.IP_OFFMASK
-
- # Save IP addresses
- ip_src = inet_to_str(ip.src)
- ip_dst = inet_to_str(ip.dst)
-
- if verbose:
- # Print out the complete IP information
- print "IP: %s -> %s (len=%d ttl=%d DF=%d MF=%d offset=%d)\n" % \
- (ip_src, ip_dst, ip.len, ip.ttl, do_not_fragment,
- more_fragments, fragment_offset)
-
- # Categorize packets based on source device address
- # Save the destination device addresses (point-to-many)
- if dev_add == ip_src:
- if ip_dst in ip2freq:
- freq = ip2freq[ip_dst]
- ip2freq[ip_dst] = freq + 1
- else:
- ip2freq[ip_dst] = 1
-
- if dev_add == mac_src:
- if mac_dst in ip2freq:
- freq = mac2freq[mac_dst]
- mac2freq[mac_dst] = freq + 1
- else:
- mac2freq[mac_dst] = 1
-
- # Count TCP packets
- if ip.p == dpkt.ip.IP_PROTO_TCP:
- tcp_counter += 1
-
- # Count UDP packets
- if ip.p == dpkt.ip.IP_PROTO_UDP:
- udp_counter += 1
-
- show_progress(verbose, counter)
-
- # Print general statistics
- show_summary(counter, ip_counter, tcp_counter, udp_counter)
- # Save results into file if filename_out is not empty
- if not filename_out == "":
- print "Saving results into file: ", filename_out
- ip_tbl_header = "Point-to-many Analysis - IP destinations for " + dev_add
- mac_tbl_header = "Point-to-many Analysis - MAC destinations for " + dev_add
- save_to_file(ip_tbl_header, ip2freq, filename_out)
- save_to_file(mac_tbl_header, mac2freq, filename_out)
- else:
- print "Output file name is not specified... exitting now!"
-
-
-def parse_cli_args(argv):
- """ Parse command line arguments and store them in a dictionary
- Args:
- argv: list of command line arguments and their values
- Returns:
- str: dictionary that maps arguments to their values
- """
- options = dict()
- # First argument is "CAPture.py", so skip it
- argv = argv[1:]
- # Loop and collect arguments and their values
- while argv:
- print "Examining argument: ", argv[0]
- # Check the first character of each argv list
- # If it is a '-' then it is a command line argument
- if argv[0][0] == '-':
- if argv[0] == VERBOSE:
- # We don't have value for the argument VERBOSE
- options[argv[0]] = argv[0]
- # Remove one command line argument and its value
- argv = argv[1:]
- else:
- options[argv[0]] = argv[1]
- # Remove one command line argument and its value
- argv = argv[2:]
-
- return options
-
-
-""" -----------------------------------------------------------------------------
- Main Running Methods
- -----------------------------------------------------------------------------
-"""
-def main():
- # Variable declarations
- global CAP_EXTENSION
- global PCAP_EXTENSION
- global VERBOSE
- global POINT_TO_MANY
-
- # Counters
- counter = 0
- ip_counter = 0
- tcp_counter = 0
- udp_counter = 0
- # Booleans as flags
- verbose = False
- is_ip = True
- is_statistical_analysis = True
- is_point_to_many_analysis = False
- # Names
- filename_in = ""
- filename_out = ""
- dev_add = ""
-
- # Welcome message
- print
- print "Welcome to CAPture version 1.0 - A PCAP file instant analyzer!"
-
- # Get file name from user input
- # Show usage if file name is not specified (only accept 1 file name for now)
- if len(sys.argv) < 2:
- show_usage()
- print
- return
-
- # Check and process sys.argv
- options = parse_cli_args(sys.argv)
- for key, value in options.iteritems():
- # Process "-i" - input PCAP file
- if key == INPUT:
- filename_in = value
- elif key == OUTPUT:
- filename_out = value
- elif key == VERBOSE:
- verbose = True
- elif key == POINT_TO_MANY:
- is_statistical_analysis = False
- is_point_to_many_analysis = True
- dev_add = value
-
- # Show manual again if input is not correct
- if filename_in == "":
- print "File name is empty!"
- print
- show_usage()
- print
- return
-
- # dev_add is needed for these analyses
- if is_point_to_many_analysis and dev_add == "":
- print "Device address is empty!"
- print
- show_usage()
- print
- return
-
- # One PCAP file name is specified - now analyze!
- print "Analyzing PCAP file: ", filename_in
-
- # Opening and analyzing PCAP file
- f = open(filename_in,'rb')
- pcap = dpkt.pcap.Reader(f)
-
- # Choose from the existing options
- if is_statistical_analysis:
- statistical_analysis(verbose, pcap, counter, ip_counter, tcp_counter, udp_counter)
- elif is_point_to_many_analysis:
- point_to_many_analysis(filename_out, dev_add, verbose, pcap, counter, ip_counter,
- tcp_counter, udp_counter)
-
-
-if __name__ == "__main__":
- # call main function since this is being run as the start
- main()
-
-
+++ /dev/null
-#!/usr/bin/python
-
-"""
-Script that constructs a graph in which hosts are nodes.
-An edge between two hosts indicate that the hosts communicate.
-Hosts are labeled and identified by their IPs.
-The graph is written to a file in Graph Exchange XML format for later import and visual inspection in Gephi.
-
-The input to this script is the JSON output by extract_from_tshark.py by Anastasia Shuba.
-
-This script is a simplification of Milad Asgari's parser_data_to_gephi.py script.
-It serves as a baseline for future scripts that want to include more information in the graph.
-"""
-
-import socket
-import json
-import tldextract
-import networkx as nx
-import sys
-from decimal import *
-
-import parse_dns
-
-JSON_KEY_ETH_SRC = "eth.src"
-JSON_KEY_ETH_DST = "eth.dst"
-
-def parse_json(file_path):
-
- device_dns_mappings = parse_dns.parse_json_dns("./dns.json")
-
- # Init empty graph
- G = nx.DiGraph()
- with open(file_path) as jf:
- # Read JSON.
- # data becomes reference to root JSON object (or in our case json array)
- data = json.load(jf)
- # Loop through json objects in data
- for k in data:
- # Fetch timestamp of packet
- packet_timestamp = Decimal(data[k]["ts"])
- # Fetch eth source and destination info
- eth_src = data[k][JSON_KEY_ETH_SRC]
- eth_dst = data[k][JSON_KEY_ETH_DST]
- # Traffic can be both outbound and inbound.
- # Determine which one of the two by looking up device MAC in DNS map.
- iot_device = None
- if eth_src in device_dns_mappings:
- iot_device = eth_src
- elif eth_dst in device_dns_mappings:
- iot_device = eth_dst
- else:
- print "[ WARNING: DNS mapping not found for device with MAC", eth_src, "OR", eth_dst, "]"
- # This must be local communication between two IoT devices OR an IoT device talking to a hardcoded IP.
- # For now let's assume local communication.
- # Add a node for each device and an edge between them.
- G.add_node(eth_src)
- G.add_node(eth_dst)
- G.add_edge(eth_src, eth_dst)
- # TODO add regex check on src+dst IP to figure out if hardcoded server IP (e.g. check if one of the two are NOT a 192.168.x.y IP)
- continue
- # It is outbound traffic if iot_device matches src, otherwise it must be inbound traffic.
- outbound_traffic = iot_device == eth_src
-
- ''' Graph construction '''
- # No need to check if the Nodes and/or Edges we add already exist:
- # NetworkX won't add already existing nodes/edges (except in the case of a MultiGraph or MultiDiGraph (see NetworkX doc)).
-
- # Add a node for each host.
- # First add node for IoT device.
- G.add_node(iot_device)
- # Then add node for the server.
- # For this we need to distinguish between outbound and inbound traffic so that we look up the proper IP in our DNS map.
- # For outbound traffic, the server's IP is the destination IP.
- # For inbound traffic, the server's IP is the source IP.
- server_ip = data[k]["dst_ip"] if outbound_traffic else data[k]["src_ip"]
- hostname = device_dns_mappings[iot_device].hostname_for_ip_at_time(server_ip, packet_timestamp)
- if hostname is None:
- # TODO this can occur when two local devices communicate OR if IoT device has hardcoded server IP.
- # However, we only get here for the DNS that have not performed any DNS lookups
- # We should use a regex check early in the loop to see if it is two local devices communicating.
- # This way we would not have to consider these corner cases later on.
- print "[ WARNING: no ip-hostname mapping found for ip", server_ip, " -- adding eth.src->eth.dst edge, but note that this may be incorrect if IoT device has hardcoded server IP ]"
- G.add_node(eth_src)
- G.add_node(eth_dst)
- G.add_edge(eth_src, eth_dst)
- continue
- G.add_node(hostname)
- # Connect the two nodes we just added.
- if outbound_traffic:
- G.add_edge(iot_device, hostname)
- else:
- G.add_edge(hostname, iot_device)
- return G
-
-# ------------------------------------------------------
-# Not currently used.
-# Might be useful later on if we wish to resolve IPs.
-def get_domain(host):
- ext_result = tldextract.extract(str(host))
- # Be consistent with ReCon and keep suffix
- domain = ext_result.domain + "." + ext_result.suffix
- return domain
-
-def is_IP(addr):
- try:
- socket.inet_aton(addr)
- return True
- except socket.error:
- return False
-# ------------------------------------------------------
-
-if __name__ == '__main__':
- if len(sys.argv) < 3:
- print "Usage:", sys.argv[0], "input_file output_file"
- print "outfile_file should end in .gexf"
- sys.exit(0)
- # Input file: Path to JSON file generated from tshark JSON output using Anastasia's script (extract_from_tshark.py).
- input_file = sys.argv[1]
- print "[ input_file =", input_file, "]"
- # Output file: Path to file where the Gephi XML should be written.
- output_file = sys.argv[2]
- print "[ output_file =", output_file, "]"
- # Construct graph from JSON
- G = parse_json(input_file)
- # Write Graph in Graph Exchange XML format
- nx.write_gexf(G, output_file)
+++ /dev/null
-[
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:07:51.560156000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508458071.560156000",
- "frame.time_delta": "1.053360000",
- "frame.time_delta_displayed": "0.000000000",
- "frame.time_relative": "359.154952000",
- "frame.number": "380",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000c5d4",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000f2e8",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "35041",
- "udp.dstport": "53",
- "udp.port": "35041",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000d04f",
- "udp.checksum.status": "2",
- "udp.stream": "19"
- },
- "dns": {
- "dns.response_in": "381",
- "dns.id": "0x00000487",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:07:51.597999000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508458071.597999000",
- "frame.time_delta": "0.037843000",
- "frame.time_delta_displayed": "0.037843000",
- "frame.time_relative": "359.192795000",
- "frame.number": "381",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00001e6a",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000989e",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "35041",
- "udp.port": "53",
- "udp.port": "35041",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "19"
- },
- "dns": {
- "dns.response_to": "380",
- "dns.time": "0.037843000",
- "dns.id": "0x00000487",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "115",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "13313",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.113"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "485",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "485",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "485",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "485",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "485",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "485",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "485",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "485",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "485",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3795",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2515",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.229"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3016",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.229"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3200",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.241"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2106",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3857",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.33"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3654",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.95"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3718",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.239"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2491",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:22:51.607393000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508458971.607393000",
- "frame.time_delta": "4.029605000",
- "frame.time_delta_displayed": "900.009394000",
- "frame.time_relative": "1259.202189000",
- "frame.number": "1239",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00000103",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000b7ba",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "57902",
- "udp.dstport": "53",
- "udp.port": "57902",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x00007701",
- "udp.checksum.status": "2",
- "udp.stream": "36"
- },
- "dns": {
- "dns.response_in": "1240",
- "dns.id": "0x00000488",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:22:51.678853000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508458971.678853000",
- "frame.time_delta": "0.071460000",
- "frame.time_delta_displayed": "0.071460000",
- "frame.time_relative": "1259.273649000",
- "frame.number": "1240",
- "frame.len": "467",
- "frame.cap_len": "467",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "453",
- "ip.id": "0x00004f7c",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000067ba",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "57902",
- "udp.port": "53",
- "udp.port": "57902",
- "udp.length": "433",
- "udp.checksum": "0x000083b4",
- "udp.checksum.status": "2",
- "udp.stream": "36"
- },
- "dns": {
- "dns.response_to": "1239",
- "dns.time": "0.071460000",
- "dns.id": "0x00000488",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "8",
- "dns.count.add_rr": "8",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "115",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "12413",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.113"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "587",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "587",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "587",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "587",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "587",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "587",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "587",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "587",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2895",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1615",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.229"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2116",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.229"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2300",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.241"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1206",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2957",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.33"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2754",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.95"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2818",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.239"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:33:23.045476000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508459603.045476000",
- "frame.time_delta": "1.106645000",
- "frame.time_delta_displayed": "631.366623000",
- "frame.time_relative": "1890.640272000",
- "frame.number": "1873",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00001f1b",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000999f",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "44067",
- "udp.dstport": "53",
- "udp.port": "44067",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00001491",
- "udp.checksum.status": "2",
- "udp.stream": "51"
- },
- "dns": {
- "dns.response_in": "1874",
- "dns.id": "0x00000489",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:33:23.047090000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508459603.047090000",
- "frame.time_delta": "0.001614000",
- "frame.time_delta_displayed": "0.001614000",
- "frame.time_relative": "1890.641886000",
- "frame.number": "1874",
- "frame.len": "137",
- "frame.cap_len": "137",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "123",
- "ip.id": "0x00002b52",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00008d2e",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "44067",
- "udp.port": "53",
- "udp.port": "44067",
- "udp.length": "103",
- "udp.checksum": "0x0000826a",
- "udp.checksum.status": "2",
- "udp.stream": "51"
- },
- "dns": {
- "dns.response_to": "1873",
- "dns.time": "0.001614000",
- "dns.id": "0x00000489",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "1",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "6",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "643",
- "dns.resp.len": "46",
- "dns.soa.mname": "ns1.ext.philips.com",
- "dns.soa.rname": "ddi-authority.philips.com",
- "dns.soa.serial_number": "387",
- "dns.soa.refresh_interval": "1200",
- "dns.soa.retry_interval": "300",
- "dns.soa.expire_limit": "1209600",
- "dns.soa.mininum_ttl": "3600"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:33:23.048272000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508459603.048272000",
- "frame.time_delta": "0.001182000",
- "frame.time_delta_displayed": "0.001182000",
- "frame.time_relative": "1890.643068000",
- "frame.number": "1875",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00001f1c",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000999e",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "51510",
- "udp.dstport": "53",
- "udp.port": "51510",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000127d",
- "udp.checksum.status": "2",
- "udp.stream": "52"
- },
- "dns": {
- "dns.response_in": "1876",
- "dns.id": "0x0000048a",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:33:23.049516000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508459603.049516000",
- "frame.time_delta": "0.001244000",
- "frame.time_delta_displayed": "0.001244000",
- "frame.time_relative": "1890.644312000",
- "frame.number": "1876",
- "frame.len": "285",
- "frame.cap_len": "285",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "271",
- "ip.id": "0x00002b53",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00008c99",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "51510",
- "udp.port": "53",
- "udp.port": "51510",
- "udp.length": "251",
- "udp.checksum": "0x000082fe",
- "udp.checksum.status": "2",
- "udp.stream": "52"
- },
- "dns": {
- "dns.response_to": "1875",
- "dns.time": "0.001244000",
- "dns.id": "0x0000048a",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "6",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "644",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "644",
- "dns.resp.len": "10",
- "dns.ns": "ns1.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "644",
- "dns.resp.len": "6",
- "dns.ns": "ns2.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "644",
- "dns.resp.len": "6",
- "dns.ns": "ns3.ext.philips.com"
- }
- },
- "Additional records": {
- "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "155007",
- "dns.resp.len": "4",
- "dns.a": "57.67.40.20"
- },
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3438",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3438",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "158626",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "151199",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "151199",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:33:23.470381000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508459603.470381000",
- "frame.time_delta": "0.000880000",
- "frame.time_delta_displayed": "0.420865000",
- "frame.time_relative": "1891.065177000",
- "frame.number": "1892",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00001f22",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00009998",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "44843",
- "udp.dstport": "53",
- "udp.port": "44843",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00001187",
- "udp.checksum.status": "2",
- "udp.stream": "53"
- },
- "dns": {
- "dns.response_in": "1893",
- "dns.id": "0x0000048b",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:33:23.470880000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508459603.470880000",
- "frame.time_delta": "0.000499000",
- "frame.time_delta_displayed": "0.000499000",
- "frame.time_relative": "1891.065676000",
- "frame.number": "1893",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00002b76",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00008d44",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "44843",
- "udp.port": "53",
- "udp.port": "44843",
- "udp.length": "45",
- "udp.checksum": "0x00008230",
- "udp.checksum.status": "2",
- "udp.stream": "53"
- },
- "dns": {
- "dns.response_to": "1892",
- "dns.time": "0.000499000",
- "dns.id": "0x0000048b",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:33:23.471684000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508459603.471684000",
- "frame.time_delta": "0.000804000",
- "frame.time_delta_displayed": "0.000804000",
- "frame.time_relative": "1891.066480000",
- "frame.number": "1894",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00001f23",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00009997",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "40021",
- "udp.dstport": "53",
- "udp.port": "40021",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00003f5c",
- "udp.checksum.status": "2",
- "udp.stream": "54"
- },
- "dns": {
- "dns.response_in": "1895",
- "dns.id": "0x0000048c",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:33:23.472192000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508459603.472192000",
- "frame.time_delta": "0.000508000",
- "frame.time_delta_displayed": "0.000508000",
- "frame.time_relative": "1891.066988000",
- "frame.number": "1895",
- "frame.len": "95",
- "frame.cap_len": "95",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "81",
- "ip.id": "0x00002b77",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00008d33",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "40021",
- "udp.port": "53",
- "udp.port": "40021",
- "udp.length": "61",
- "udp.checksum": "0x00008240",
- "udp.checksum.status": "2",
- "udp.stream": "54"
- },
- "dns": {
- "dns.response_to": "1894",
- "dns.time": "0.000508000",
- "dns.id": "0x0000048c",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "644",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:37:51.689099000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508459871.689099000",
- "frame.time_delta": "0.145237000",
- "frame.time_delta_displayed": "268.216907000",
- "frame.time_relative": "2159.283895000",
- "frame.number": "2153",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x000053f4",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000064c9",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "49510",
- "udp.dstport": "53",
- "udp.port": "49510",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x000097c4",
- "udp.checksum.status": "2",
- "udp.stream": "60"
- },
- "dns": {
- "dns.response_in": "2154",
- "dns.id": "0x0000048d",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:37:51.695550000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508459871.695550000",
- "frame.time_delta": "0.006451000",
- "frame.time_delta_displayed": "0.006451000",
- "frame.time_relative": "2159.290346000",
- "frame.number": "2154",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000851c",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000031ec",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "49510",
- "udp.port": "53",
- "udp.port": "49510",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "60"
- },
- "dns": {
- "dns.response_to": "2153",
- "dns.time": "0.006451000",
- "dns.id": "0x0000048d",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "141",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "13111",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.113"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2774",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2774",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2774",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2774",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2774",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2774",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2774",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2774",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2774",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "294",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4838",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.240"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7614",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.89"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3676",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.90"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4084",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.94"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4641",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.244"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 165.254.134.246": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "218",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.246"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2322",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.232"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4774",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:52:51.705423000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508460771.705423000",
- "frame.time_delta": "3.937809000",
- "frame.time_delta_displayed": "900.009873000",
- "frame.time_relative": "3059.300219000",
- "frame.number": "2958",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000b28e",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000062f",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "59344",
- "udp.dstport": "53",
- "udp.port": "59344",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x00007159",
- "udp.checksum.status": "2",
- "udp.stream": "72"
- },
- "dns": {
- "dns.response_in": "2959",
- "dns.id": "0x0000048e",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 17:52:51.715857000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508460771.715857000",
- "frame.time_delta": "0.010434000",
- "frame.time_delta_displayed": "0.010434000",
- "frame.time_relative": "3059.310653000",
- "frame.number": "2959",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000ca5c",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000ecab",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "59344",
- "udp.port": "53",
- "udp.port": "59344",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "72"
- },
- "dns": {
- "dns.response_to": "2958",
- "dns.time": "0.010434000",
- "dns.id": "0x0000048e",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "116",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "10613",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.113"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2787",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2787",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2787",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2787",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2787",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2787",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2787",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2787",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2787",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1095",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7816",
- "dns.resp.len": "4",
- "dns.a": "184.51.200.159"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "316",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.229"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "500",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.241"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5409",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.244"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1157",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.33"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "954",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.95"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1018",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.239"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5792",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:07:51.725149000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508461671.725149000",
- "frame.time_delta": "2.951813000",
- "frame.time_delta_displayed": "900.009292000",
- "frame.time_relative": "3959.319945000",
- "frame.number": "3816",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000ba5a",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000fe62",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "34709",
- "udp.dstport": "53",
- "udp.port": "34709",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000d193",
- "udp.checksum.status": "2",
- "udp.stream": "84"
- },
- "dns": {
- "dns.response_in": "3817",
- "dns.id": "0x0000048f",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:07:51.735281000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508461671.735281000",
- "frame.time_delta": "0.010132000",
- "frame.time_delta_displayed": "0.010132000",
- "frame.time_relative": "3959.330077000",
- "frame.number": "3817",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00004a90",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00006c78",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "34709",
- "udp.port": "53",
- "udp.port": "34709",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "84"
- },
- "dns": {
- "dns.response_to": "3816",
- "dns.time": "0.010132000",
- "dns.id": "0x0000048f",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "142",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "11311",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.113"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "974",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "974",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "974",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "974",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "974",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "974",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "974",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "974",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "974",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2496",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3038",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.240"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5814",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.89"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1876",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.90"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2284",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.94"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2841",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.244"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.93": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2419",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.93"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "522",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.232"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2974",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:12:56.852097000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508461976.852097000",
- "frame.time_delta": "3.045152000",
- "frame.time_delta_displayed": "305.116816000",
- "frame.time_relative": "4264.446893000",
- "frame.number": "5571",
- "frame.len": "83",
- "frame.cap_len": "83",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "69",
- "ip.id": "0x0000f879",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000c03c",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "46881",
- "udp.dstport": "53",
- "udp.port": "46881",
- "udp.port": "53",
- "udp.length": "49",
- "udp.checksum": "0x0000d1bd",
- "udp.checksum.status": "2",
- "udp.stream": "89"
- },
- "dns": {
- "dns.response_in": "5572",
- "dns.id": "0x00000490",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "diagnostics.meethue.com: type A, class IN": {
- "dns.qry.name": "diagnostics.meethue.com",
- "dns.qry.name.len": "23",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:12:56.936468000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508461976.936468000",
- "frame.time_delta": "0.084371000",
- "frame.time_delta_displayed": "0.084371000",
- "frame.time_relative": "4264.531264000",
- "frame.number": "5572",
- "frame.len": "297",
- "frame.cap_len": "297",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "283",
- "ip.id": "0x00008c6e",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00002b72",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "46881",
- "udp.port": "53",
- "udp.port": "46881",
- "udp.length": "263",
- "udp.checksum": "0x0000830a",
- "udp.checksum.status": "2",
- "udp.stream": "89"
- },
- "dns": {
- "dns.response_to": "5571",
- "dns.time": "0.084371000",
- "dns.id": "0x00000490",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "6",
- "Queries": {
- "diagnostics.meethue.com: type A, class IN": {
- "dns.qry.name": "diagnostics.meethue.com",
- "dns.qry.name.len": "23",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": {
- "dns.resp.name": "diagnostics.meethue.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "300",
- "dns.resp.len": "4",
- "dns.a": "130.211.67.12"
- }
- },
- "Authoritative nameservers": {
- "meethue.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "meethue.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3600",
- "dns.resp.len": "18",
- "dns.ns": "ns2.ext.philips.com"
- },
- "meethue.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "meethue.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3600",
- "dns.resp.len": "6",
- "dns.ns": "ns3.ext.philips.com"
- },
- "meethue.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "meethue.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3600",
- "dns.resp.len": "6",
- "dns.ns": "ns1.ext.philips.com"
- }
- },
- "Additional records": {
- "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "172800",
- "dns.resp.len": "4",
- "dns.a": "57.67.40.20"
- },
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "172800",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "172800",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2611",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "62777",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "62777",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:22:51.746902000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508462571.746902000",
- "frame.time_delta": "2.037142000",
- "frame.time_delta_displayed": "594.810434000",
- "frame.time_relative": "4859.341698000",
- "frame.number": "6175",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000f884",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000c038",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "54444",
- "udp.dstport": "53",
- "udp.port": "54444",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000847a",
- "udp.checksum.status": "2",
- "udp.stream": "97"
- },
- "dns": {
- "dns.response_in": "6176",
- "dns.id": "0x00000491",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:22:51.772932000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508462571.772932000",
- "frame.time_delta": "0.026030000",
- "frame.time_delta_displayed": "0.026030000",
- "frame.time_relative": "4859.367728000",
- "frame.number": "6176",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00004cfa",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00006a0e",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "54444",
- "udp.port": "53",
- "udp.port": "54444",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "97"
- },
- "dns": {
- "dns.response_to": "6175",
- "dns.time": "0.026030000",
- "dns.id": "0x00000491",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "116",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "8813",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.113"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "987",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "987",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "987",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "987",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "987",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "987",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "987",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "987",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "987",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3296",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6016",
- "dns.resp.len": "4",
- "dns.a": "184.51.200.159"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6518",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.188"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2701",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.190"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3609",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.244"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7358",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.89"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3156",
- "dns.resp.len": "4",
- "dns.a": "184.51.200.166"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5219",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.92"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3992",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:33:21.624384000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508463201.624384000",
- "frame.time_delta": "0.266457000",
- "frame.time_delta_displayed": "629.851452000",
- "frame.time_relative": "5489.219180000",
- "frame.number": "6744",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000bf31",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000f988",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "37292",
- "udp.dstport": "53",
- "udp.port": "37292",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00002eff",
- "udp.checksum.status": "2",
- "udp.stream": "102"
- },
- "dns": {
- "dns.response_in": "6745",
- "dns.id": "0x00000492",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:33:21.626468000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508463201.626468000",
- "frame.time_delta": "0.002084000",
- "frame.time_delta_displayed": "0.002084000",
- "frame.time_relative": "5489.221264000",
- "frame.number": "6745",
- "frame.len": "137",
- "frame.cap_len": "137",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "123",
- "ip.id": "0x00003f71",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000790f",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "37292",
- "udp.port": "53",
- "udp.port": "37292",
- "udp.length": "103",
- "udp.checksum": "0x0000826a",
- "udp.checksum.status": "2",
- "udp.stream": "102"
- },
- "dns": {
- "dns.response_to": "6744",
- "dns.time": "0.002084000",
- "dns.id": "0x00000492",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "1",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "6",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3220",
- "dns.resp.len": "46",
- "dns.soa.mname": "ns1.ext.philips.com",
- "dns.soa.rname": "ddi-authority.philips.com",
- "dns.soa.serial_number": "387",
- "dns.soa.refresh_interval": "1200",
- "dns.soa.retry_interval": "300",
- "dns.soa.expire_limit": "1209600",
- "dns.soa.mininum_ttl": "3600"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:33:21.627301000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508463201.627301000",
- "frame.time_delta": "0.000833000",
- "frame.time_delta_displayed": "0.000833000",
- "frame.time_relative": "5489.222097000",
- "frame.number": "6746",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000bf32",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000f987",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "54874",
- "udp.dstport": "53",
- "udp.port": "54874",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00000550",
- "udp.checksum.status": "2",
- "udp.stream": "103"
- },
- "dns": {
- "dns.response_in": "6747",
- "dns.id": "0x00000493",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:33:21.628812000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508463201.628812000",
- "frame.time_delta": "0.001511000",
- "frame.time_delta_displayed": "0.001511000",
- "frame.time_relative": "5489.223608000",
- "frame.number": "6747",
- "frame.len": "285",
- "frame.cap_len": "285",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "271",
- "ip.id": "0x00003f72",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000787a",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "54874",
- "udp.port": "53",
- "udp.port": "54874",
- "udp.length": "251",
- "udp.checksum": "0x000082fe",
- "udp.checksum.status": "2",
- "udp.stream": "103"
- },
- "dns": {
- "dns.response_to": "6746",
- "dns.time": "0.001511000",
- "dns.id": "0x00000493",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "6",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2985",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "413",
- "dns.resp.len": "10",
- "dns.ns": "ns1.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "413",
- "dns.resp.len": "6",
- "dns.ns": "ns2.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "413",
- "dns.resp.len": "6",
- "dns.ns": "ns3.ext.philips.com"
- }
- },
- "Additional records": {
- "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "171575",
- "dns.resp.len": "4",
- "dns.a": "57.67.40.20"
- },
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "171575",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "171575",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1386",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "61552",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "61552",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:33:22.044352000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508463202.044352000",
- "frame.time_delta": "0.001668000",
- "frame.time_delta_displayed": "0.415540000",
- "frame.time_relative": "5489.639148000",
- "frame.number": "6763",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000bf41",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000f978",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "55176",
- "udp.dstport": "53",
- "udp.port": "55176",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000e920",
- "udp.checksum.status": "2",
- "udp.stream": "104"
- },
- "dns": {
- "dns.response_in": "6764",
- "dns.id": "0x00000494",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:33:22.044953000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508463202.044953000",
- "frame.time_delta": "0.000601000",
- "frame.time_delta_displayed": "0.000601000",
- "frame.time_relative": "5489.639749000",
- "frame.number": "6764",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00003f96",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00007924",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "55176",
- "udp.port": "53",
- "udp.port": "55176",
- "udp.length": "45",
- "udp.checksum": "0x00008230",
- "udp.checksum.status": "2",
- "udp.stream": "104"
- },
- "dns": {
- "dns.response_to": "6763",
- "dns.time": "0.000601000",
- "dns.id": "0x00000494",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:33:22.045769000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508463202.045769000",
- "frame.time_delta": "0.000816000",
- "frame.time_delta_displayed": "0.000816000",
- "frame.time_relative": "5489.640565000",
- "frame.number": "6765",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000bf42",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000f977",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "60660",
- "udp.dstport": "53",
- "udp.port": "60660",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000eeb3",
- "udp.checksum.status": "2",
- "udp.stream": "105"
- },
- "dns": {
- "dns.response_in": "6766",
- "dns.id": "0x00000495",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:33:22.046379000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508463202.046379000",
- "frame.time_delta": "0.000610000",
- "frame.time_delta_displayed": "0.000610000",
- "frame.time_relative": "5489.641175000",
- "frame.number": "6766",
- "frame.len": "95",
- "frame.cap_len": "95",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "81",
- "ip.id": "0x00003f97",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00007913",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "60660",
- "udp.port": "53",
- "udp.port": "60660",
- "udp.length": "61",
- "udp.checksum": "0x00008240",
- "udp.checksum.status": "2",
- "udp.stream": "105"
- },
- "dns": {
- "dns.response_to": "6765",
- "dns.time": "0.000610000",
- "dns.id": "0x00000495",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2984",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:37:51.778249000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508463471.778249000",
- "frame.time_delta": "3.324074000",
- "frame.time_delta_displayed": "269.731870000",
- "frame.time_relative": "5759.373045000",
- "frame.number": "7048",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00001dd7",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00009ae6",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "36809",
- "udp.dstport": "53",
- "udp.port": "36809",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000c958",
- "udp.checksum.status": "2",
- "udp.stream": "113"
- },
- "dns": {
- "dns.response_in": "7049",
- "dns.id": "0x00000496",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:37:51.799436000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508463471.799436000",
- "frame.time_delta": "0.021187000",
- "frame.time_delta_displayed": "0.021187000",
- "frame.time_relative": "5759.394232000",
- "frame.number": "7049",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000431d",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000073eb",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "36809",
- "udp.port": "53",
- "udp.port": "36809",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "113"
- },
- "dns": {
- "dns.response_to": "7048",
- "dns.time": "0.021187000",
- "dns.id": "0x00000496",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "116",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7913",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.113"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "87",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "87",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "87",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "87",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "87",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "87",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "87",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "87",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "87",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2396",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5116",
- "dns.resp.len": "4",
- "dns.a": "184.51.200.159"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5618",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.188"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1801",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.190"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2709",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.244"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6458",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.89"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2256",
- "dns.resp.len": "4",
- "dns.a": "184.51.200.166"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4319",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.92"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3092",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:52:51.807701000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508464371.807701000",
- "frame.time_delta": "0.379478000",
- "frame.time_delta_displayed": "900.008265000",
- "frame.time_relative": "6659.402497000",
- "frame.number": "7913",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00009e02",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00001abb",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "47598",
- "udp.dstport": "53",
- "udp.port": "47598",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x00009f32",
- "udp.checksum.status": "2",
- "udp.stream": "123"
- },
- "dns": {
- "dns.response_in": "7914",
- "dns.id": "0x00000497",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 18:52:51.814443000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508464371.814443000",
- "frame.time_delta": "0.006742000",
- "frame.time_delta_displayed": "0.006742000",
- "frame.time_relative": "6659.409239000",
- "frame.number": "7914",
- "frame.len": "467",
- "frame.cap_len": "467",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "453",
- "ip.id": "0x0000e205",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000d530",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "47598",
- "udp.port": "53",
- "udp.port": "47598",
- "udp.length": "433",
- "udp.checksum": "0x000083b4",
- "udp.checksum.status": "2",
- "udp.stream": "123"
- },
- "dns": {
- "dns.response_to": "7913",
- "dns.time": "0.006742000",
- "dns.id": "0x00000497",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "8",
- "dns.count.add_rr": "8",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "142",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "8611",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.113"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "275",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "275",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "275",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "275",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "275",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "275",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "275",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "275",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3797",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "338",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.240"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3114",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.89"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3177",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.229"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5586",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.230"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "141",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.244"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3720",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.234"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3824",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.92"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:07:51.823654000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508465271.823654000",
- "frame.time_delta": "3.748666000",
- "frame.time_delta_displayed": "900.009211000",
- "frame.time_relative": "7559.418450000",
- "frame.number": "8671",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000e910",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000cfac",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "33804",
- "udp.dstport": "53",
- "udp.port": "33804",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000d513",
- "udp.checksum.status": "2",
- "udp.stream": "132"
- },
- "dns": {
- "dns.response_in": "8672",
- "dns.id": "0x00000498",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:07:51.884431000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508465271.884431000",
- "frame.time_delta": "0.060777000",
- "frame.time_delta_displayed": "0.060777000",
- "frame.time_relative": "7559.479227000",
- "frame.number": "8672",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00004cdb",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00006a2d",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "33804",
- "udp.port": "53",
- "udp.port": "33804",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "132"
- },
- "dns": {
- "dns.response_to": "8671",
- "dns.time": "0.060777000",
- "dns.id": "0x00000498",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "116",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6113",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.73"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.2"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2288",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2288",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2288",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2288",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2288",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2288",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2288",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2288",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2288",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "596",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3316",
- "dns.resp.len": "4",
- "dns.a": "184.51.200.159"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3818",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.188"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.190"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "909",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.244"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4658",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.89"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "456",
- "dns.resp.len": "4",
- "dns.a": "184.51.200.166"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2519",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.92"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1292",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:22:51.895282000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508466171.895282000",
- "frame.time_delta": "7.109343000",
- "frame.time_delta_displayed": "900.010851000",
- "frame.time_relative": "8459.490078000",
- "frame.number": "9475",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000ffbc",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000b900",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "33283",
- "udp.dstport": "53",
- "udp.port": "33283",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000d71b",
- "udp.checksum.status": "2",
- "udp.stream": "144"
- },
- "dns": {
- "dns.response_in": "9476",
- "dns.id": "0x00000499",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:22:51.906565000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508466171.906565000",
- "frame.time_delta": "0.011283000",
- "frame.time_delta_displayed": "0.011283000",
- "frame.time_relative": "8459.501361000",
- "frame.number": "9476",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000a915",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00000df3",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "33283",
- "udp.port": "53",
- "udp.port": "33283",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "144"
- },
- "dns": {
- "dns.response_to": "9475",
- "dns.time": "0.011283000",
- "dns.id": "0x00000499",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "142",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6811",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2475",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2475",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2475",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2475",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2475",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2475",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2475",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2475",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2475",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1997",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6539",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1314",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.89"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1377",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.229"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3786",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.230"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6342",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.37"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1920",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.234"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2024",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.92"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4475",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:33:22.239450000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508466802.239450000",
- "frame.time_delta": "4.788057000",
- "frame.time_delta_displayed": "630.332885000",
- "frame.time_relative": "9089.834246000",
- "frame.number": "10050",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000751c",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000439e",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "51418",
- "udp.dstport": "53",
- "udp.port": "51418",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000f7c8",
- "udp.checksum.status": "2",
- "udp.stream": "151"
- },
- "dns": {
- "dns.response_in": "10051",
- "dns.id": "0x0000049a",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:33:22.241425000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508466802.241425000",
- "frame.time_delta": "0.001975000",
- "frame.time_delta_displayed": "0.001975000",
- "frame.time_relative": "9089.836221000",
- "frame.number": "10051",
- "frame.len": "137",
- "frame.cap_len": "137",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "123",
- "ip.id": "0x000030bf",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000087c1",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "51418",
- "udp.port": "53",
- "udp.port": "51418",
- "udp.length": "103",
- "udp.checksum": "0x0000826a",
- "udp.checksum.status": "2",
- "udp.stream": "151"
- },
- "dns": {
- "dns.response_to": "10050",
- "dns.time": "0.001975000",
- "dns.id": "0x0000049a",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "1",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "6",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "46",
- "dns.soa.mname": "ns1.ext.philips.com",
- "dns.soa.rname": "ddi-authority.philips.com",
- "dns.soa.serial_number": "387",
- "dns.soa.refresh_interval": "1200",
- "dns.soa.retry_interval": "300",
- "dns.soa.expire_limit": "1209600",
- "dns.soa.mininum_ttl": "3600"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:33:22.242432000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508466802.242432000",
- "frame.time_delta": "0.001007000",
- "frame.time_delta_displayed": "0.001007000",
- "frame.time_relative": "9089.837228000",
- "frame.number": "10052",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000751d",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000439d",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "60729",
- "udp.dstport": "53",
- "udp.port": "60729",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000ee68",
- "udp.checksum.status": "2",
- "udp.stream": "152"
- },
- "dns": {
- "dns.response_in": "10053",
- "dns.id": "0x0000049b",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:33:22.244090000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508466802.244090000",
- "frame.time_delta": "0.001658000",
- "frame.time_delta_displayed": "0.001658000",
- "frame.time_relative": "9089.838886000",
- "frame.number": "10053",
- "frame.len": "285",
- "frame.cap_len": "285",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "271",
- "ip.id": "0x000030c0",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000872c",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "60729",
- "udp.port": "53",
- "udp.port": "60729",
- "udp.length": "251",
- "udp.checksum": "0x000082fe",
- "udp.checksum.status": "2",
- "udp.stream": "152"
- },
- "dns": {
- "dns.response_to": "10052",
- "dns.time": "0.001658000",
- "dns.id": "0x0000049b",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "6",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "10",
- "dns.ns": "ns1.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "6",
- "dns.ns": "ns3.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "6",
- "dns.ns": "ns2.ext.philips.com"
- }
- },
- "Additional records": {
- "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "147808",
- "dns.resp.len": "4",
- "dns.a": "57.67.40.20"
- },
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "172526",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "172526",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "151427",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "144000",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "144000",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:33:22.660387000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508466802.660387000",
- "frame.time_delta": "0.001051000",
- "frame.time_delta_displayed": "0.416297000",
- "frame.time_relative": "9090.255183000",
- "frame.number": "10069",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00007547",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00004373",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "46220",
- "udp.dstport": "53",
- "udp.port": "46220",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00000c15",
- "udp.checksum.status": "2",
- "udp.stream": "153"
- },
- "dns": {
- "dns.response_in": "10070",
- "dns.id": "0x0000049c",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:33:22.660954000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508466802.660954000",
- "frame.time_delta": "0.000567000",
- "frame.time_delta_displayed": "0.000567000",
- "frame.time_relative": "9090.255750000",
- "frame.number": "10070",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x000030d6",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000087e4",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "46220",
- "udp.port": "53",
- "udp.port": "46220",
- "udp.length": "45",
- "udp.checksum": "0x00008230",
- "udp.checksum.status": "2",
- "udp.stream": "153"
- },
- "dns": {
- "dns.response_to": "10069",
- "dns.time": "0.000567000",
- "dns.id": "0x0000049c",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:33:22.661749000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508466802.661749000",
- "frame.time_delta": "0.000795000",
- "frame.time_delta_displayed": "0.000795000",
- "frame.time_relative": "9090.256545000",
- "frame.number": "10071",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00007548",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00004372",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "51255",
- "udp.dstport": "53",
- "udp.port": "51255",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00001369",
- "udp.checksum.status": "2",
- "udp.stream": "154"
- },
- "dns": {
- "dns.response_in": "10072",
- "dns.id": "0x0000049d",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:33:22.662301000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508466802.662301000",
- "frame.time_delta": "0.000552000",
- "frame.time_delta_displayed": "0.000552000",
- "frame.time_relative": "9090.257097000",
- "frame.number": "10072",
- "frame.len": "95",
- "frame.cap_len": "95",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "81",
- "ip.id": "0x000030d7",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000087d3",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "51255",
- "udp.port": "53",
- "udp.port": "51255",
- "udp.length": "61",
- "udp.checksum": "0x00008240",
- "udp.checksum.status": "2",
- "udp.stream": "154"
- },
- "dns": {
- "dns.response_to": "10071",
- "dns.time": "0.000552000",
- "dns.id": "0x0000049d",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:37:51.914199000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508467071.914199000",
- "frame.time_delta": "0.065381000",
- "frame.time_delta_displayed": "269.251898000",
- "frame.time_relative": "9359.508995000",
- "frame.number": "10287",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x000089fd",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00002ec0",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "41837",
- "udp.dstport": "53",
- "udp.port": "41837",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000b5ac",
- "udp.checksum.status": "2",
- "udp.stream": "155"
- },
- "dns": {
- "dns.response_in": "10288",
- "dns.id": "0x0000049e",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:37:51.978100000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508467071.978100000",
- "frame.time_delta": "0.063901000",
- "frame.time_delta_displayed": "0.063901000",
- "frame.time_relative": "9359.572896000",
- "frame.number": "10288",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00008e7d",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000288b",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "41837",
- "udp.port": "53",
- "udp.port": "41837",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "155"
- },
- "dns": {
- "dns.response_to": "10287",
- "dns.time": "0.063901000",
- "dns.id": "0x0000049e",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "117",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4313",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "488",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "488",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "488",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "488",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "488",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "488",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "488",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "488",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "488",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2799",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1516",
- "dns.resp.len": "4",
- "dns.a": "184.51.200.159"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2018",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.188"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2202",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.33"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5110",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.230"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2858",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.89"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2660",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.188"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "719",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.92"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5496",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:52:51.985173000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508467971.985173000",
- "frame.time_delta": "0.373714000",
- "frame.time_delta_displayed": "900.007073000",
- "frame.time_relative": "10259.579969000",
- "frame.number": "11065",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000b24b",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00000672",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "33682",
- "udp.dstport": "53",
- "udp.port": "33682",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000d586",
- "udp.checksum.status": "2",
- "udp.stream": "163"
- },
- "dns": {
- "dns.response_in": "11066",
- "dns.id": "0x0000049f",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 19:52:52.048951000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508467972.048951000",
- "frame.time_delta": "0.063778000",
- "frame.time_delta_displayed": "0.063778000",
- "frame.time_relative": "10259.643747000",
- "frame.number": "11066",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00008dbf",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00002949",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "33682",
- "udp.port": "53",
- "udp.port": "33682",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "163"
- },
- "dns": {
- "dns.response_to": "11065",
- "dns.time": "0.063778000",
- "dns.id": "0x0000049f",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "117",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3413",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.73"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.2"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3589",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3589",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3589",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3589",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3589",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3589",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3589",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3589",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3589",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1898",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "615",
- "dns.resp.len": "4",
- "dns.a": "184.51.200.159"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1117",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.188"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1301",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.33"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4209",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.230"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1957",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.89"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1759",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.188"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5819",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.237"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4595",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:07:52.060309000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508468872.060309000",
- "frame.time_delta": "0.486449000",
- "frame.time_delta_displayed": "900.011358000",
- "frame.time_relative": "11159.655105000",
- "frame.number": "11855",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000fdee",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000bace",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "49312",
- "udp.dstport": "53",
- "udp.port": "49312",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x00009877",
- "udp.checksum.status": "2",
- "udp.stream": "171"
- },
- "dns": {
- "dns.response_in": "11856",
- "dns.id": "0x000004a0",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:07:52.067203000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508468872.067203000",
- "frame.time_delta": "0.006894000",
- "frame.time_delta_displayed": "0.006894000",
- "frame.time_relative": "11159.661999000",
- "frame.number": "11856",
- "frame.len": "467",
- "frame.cap_len": "467",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "453",
- "ip.id": "0x0000b190",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000005a6",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "49312",
- "udp.port": "53",
- "udp.port": "49312",
- "udp.length": "433",
- "udp.checksum": "0x000083b4",
- "udp.checksum.status": "2",
- "udp.stream": "171"
- },
- "dns": {
- "dns.response_to": "11855",
- "dns.time": "0.006894000",
- "dns.id": "0x000004a0",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "8",
- "dns.count.add_rr": "8",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "141",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4110",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "774",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "774",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "774",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "774",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "774",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "774",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "774",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "774",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3298",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3838",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6614",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.233"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2677",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.229"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1085",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.230"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3641",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.37"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3220",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5325",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.37"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:22:52.076126000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508469772.076126000",
- "frame.time_delta": "0.590869000",
- "frame.time_delta_displayed": "900.008923000",
- "frame.time_relative": "12059.670922000",
- "frame.number": "12657",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000a2db",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000015e2",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53703",
- "udp.dstport": "53",
- "udp.port": "53703",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000874f",
- "udp.checksum.status": "2",
- "udp.stream": "177"
- },
- "dns": {
- "dns.response_in": "12658",
- "dns.id": "0x000004a1",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:22:52.112051000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508469772.112051000",
- "frame.time_delta": "0.035925000",
- "frame.time_delta_displayed": "0.035925000",
- "frame.time_relative": "12059.706847000",
- "frame.number": "12658",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000ccc6",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000ea41",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "53703",
- "udp.port": "53",
- "udp.port": "53703",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "177"
- },
- "dns": {
- "dns.response_to": "12657",
- "dns.time": "0.035925000",
- "dns.id": "0x000004a1",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "116",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1612",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.2"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.73"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1789",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1789",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1789",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1789",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1789",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1789",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1789",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1789",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1789",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "98",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6816",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.208"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7318",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.208"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3503",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.200"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2409",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.230"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "157",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.89"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3960",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.205"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4019",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.237"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2795",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:33:22.842206000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508470402.842206000",
- "frame.time_delta": "0.384116000",
- "frame.time_delta_displayed": "630.730155000",
- "frame.time_relative": "12690.437002000",
- "frame.number": "13303",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000dd6f",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000db4a",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "44754",
- "udp.dstport": "53",
- "udp.port": "44754",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x000011c9",
- "udp.checksum.status": "2",
- "udp.stream": "184"
- },
- "dns": {
- "dns.response_in": "13304",
- "dns.id": "0x000004a2",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:33:22.844183000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508470402.844183000",
- "frame.time_delta": "0.001977000",
- "frame.time_delta_displayed": "0.001977000",
- "frame.time_relative": "12690.438979000",
- "frame.number": "13304",
- "frame.len": "137",
- "frame.cap_len": "137",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "123",
- "ip.id": "0x00000246",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000b63a",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "44754",
- "udp.port": "53",
- "udp.port": "44754",
- "udp.length": "103",
- "udp.checksum": "0x0000826a",
- "udp.checksum.status": "2",
- "udp.stream": "184"
- },
- "dns": {
- "dns.response_to": "13303",
- "dns.time": "0.001977000",
- "dns.id": "0x000004a2",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "1",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "6",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3219",
- "dns.resp.len": "46",
- "dns.soa.mname": "ns1.ext.philips.com",
- "dns.soa.rname": "ddi-authority.philips.com",
- "dns.soa.serial_number": "387",
- "dns.soa.refresh_interval": "1200",
- "dns.soa.retry_interval": "300",
- "dns.soa.expire_limit": "1209600",
- "dns.soa.mininum_ttl": "3600"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:33:22.846468000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508470402.846468000",
- "frame.time_delta": "0.002285000",
- "frame.time_delta_displayed": "0.002285000",
- "frame.time_relative": "12690.441264000",
- "frame.number": "13305",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000dd70",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000db49",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "35982",
- "udp.dstport": "53",
- "udp.port": "35982",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00004f0c",
- "udp.checksum.status": "2",
- "udp.stream": "185"
- },
- "dns": {
- "dns.response_in": "13306",
- "dns.id": "0x000004a3",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:33:22.848081000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508470402.848081000",
- "frame.time_delta": "0.001613000",
- "frame.time_delta_displayed": "0.001613000",
- "frame.time_relative": "12690.442877000",
- "frame.number": "13306",
- "frame.len": "285",
- "frame.cap_len": "285",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "271",
- "ip.id": "0x00000247",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000b5a5",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "35982",
- "udp.port": "53",
- "udp.port": "35982",
- "udp.length": "251",
- "udp.checksum": "0x000082fe",
- "udp.checksum.status": "2",
- "udp.stream": "185"
- },
- "dns": {
- "dns.response_to": "13305",
- "dns.time": "0.001613000",
- "dns.id": "0x000004a3",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "6",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3161",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "645",
- "dns.resp.len": "10",
- "dns.ns": "ns3.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "645",
- "dns.resp.len": "6",
- "dns.ns": "ns2.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "645",
- "dns.resp.len": "6",
- "dns.ns": "ns1.ext.philips.com"
- }
- },
- "Additional records": {
- "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "856",
- "dns.resp.len": "4",
- "dns.a": "57.67.40.20"
- },
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "164374",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "164374",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2117",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "54351",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "54351",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:33:23.264573000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508470403.264573000",
- "frame.time_delta": "0.001337000",
- "frame.time_delta_displayed": "0.416492000",
- "frame.time_relative": "12690.859369000",
- "frame.number": "13322",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000dd71",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000db48",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "56095",
- "udp.dstport": "53",
- "udp.port": "56095",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000e579",
- "udp.checksum.status": "2",
- "udp.stream": "186"
- },
- "dns": {
- "dns.response_in": "13323",
- "dns.id": "0x000004a4",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:33:23.265148000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508470403.265148000",
- "frame.time_delta": "0.000575000",
- "frame.time_delta_displayed": "0.000575000",
- "frame.time_relative": "12690.859944000",
- "frame.number": "13323",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000026e",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000b64c",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "56095",
- "udp.port": "53",
- "udp.port": "56095",
- "udp.length": "45",
- "udp.checksum": "0x00008230",
- "udp.checksum.status": "2",
- "udp.stream": "186"
- },
- "dns": {
- "dns.response_to": "13322",
- "dns.time": "0.000575000",
- "dns.id": "0x000004a4",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:33:23.266041000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508470403.266041000",
- "frame.time_delta": "0.000893000",
- "frame.time_delta_displayed": "0.000893000",
- "frame.time_relative": "12690.860837000",
- "frame.number": "13324",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000dd72",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000db47",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "41786",
- "udp.dstport": "53",
- "udp.port": "41786",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000385e",
- "udp.checksum.status": "2",
- "udp.stream": "187"
- },
- "dns": {
- "dns.response_in": "13325",
- "dns.id": "0x000004a5",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:33:23.266579000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508470403.266579000",
- "frame.time_delta": "0.000538000",
- "frame.time_delta_displayed": "0.000538000",
- "frame.time_relative": "12690.861375000",
- "frame.number": "13325",
- "frame.len": "95",
- "frame.cap_len": "95",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "81",
- "ip.id": "0x0000026f",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000b63b",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "41786",
- "udp.port": "53",
- "udp.port": "41786",
- "udp.length": "61",
- "udp.checksum": "0x00008240",
- "udp.checksum.status": "2",
- "udp.stream": "187"
- },
- "dns": {
- "dns.response_to": "13324",
- "dns.time": "0.000538000",
- "dns.id": "0x000004a5",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3160",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:37:52.120059000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508470672.120059000",
- "frame.time_delta": "0.625668000",
- "frame.time_delta_displayed": "268.853480000",
- "frame.time_relative": "12959.714855000",
- "frame.number": "13582",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00002649",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00009274",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "54738",
- "udp.dstport": "53",
- "udp.port": "54738",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000833f",
- "udp.checksum.status": "2",
- "udp.stream": "188"
- },
- "dns": {
- "dns.response_in": "13583",
- "dns.id": "0x000004a6",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:37:52.140960000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508470672.140960000",
- "frame.time_delta": "0.020901000",
- "frame.time_delta_displayed": "0.020901000",
- "frame.time_relative": "12959.735756000",
- "frame.number": "13583",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00004310",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000073f8",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "54738",
- "udp.port": "53",
- "udp.port": "54738",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "188"
- },
- "dns": {
- "dns.response_to": "13582",
- "dns.time": "0.020901000",
- "dns.id": "0x000004a6",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "116",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "712",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "889",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "889",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "889",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "889",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "889",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "889",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "889",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "889",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "889",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3199",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5916",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.208"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6418",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.208"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2603",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.200"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1509",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.230"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7258",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.206"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3060",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.205"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3119",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.237"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1895",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:52:52.147811000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508471572.147811000",
- "frame.time_delta": "0.719415000",
- "frame.time_delta_displayed": "900.006851000",
- "frame.time_relative": "13859.742607000",
- "frame.number": "14361",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000e5bd",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000d2ff",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "55123",
- "udp.dstport": "53",
- "udp.port": "55123",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x000081bd",
- "udp.checksum.status": "2",
- "udp.stream": "197"
- },
- "dns": {
- "dns.response_in": "14362",
- "dns.id": "0x000004a7",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 20:52:52.212985000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508471572.212985000",
- "frame.time_delta": "0.065174000",
- "frame.time_delta_displayed": "0.065174000",
- "frame.time_relative": "13859.807781000",
- "frame.number": "14362",
- "frame.len": "467",
- "frame.cap_len": "467",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "453",
- "ip.id": "0x00004fa4",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00006792",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "55123",
- "udp.port": "53",
- "udp.port": "55123",
- "udp.length": "433",
- "udp.checksum": "0x000083b4",
- "udp.checksum.status": "2",
- "udp.stream": "197"
- },
- "dns": {
- "dns.response_to": "14361",
- "dns.time": "0.065174000",
- "dns.id": "0x000004a7",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "8",
- "dns.count.add_rr": "8",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "117",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "21417",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "989",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "989",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "989",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "989",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "989",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "989",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "989",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "989",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2299",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5016",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.208"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5518",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.208"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1703",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.200"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "609",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.230"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6358",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.206"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2160",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.205"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2219",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.237"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:07:52.219360000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508472472.219360000",
- "frame.time_delta": "0.606095000",
- "frame.time_delta_displayed": "900.006375000",
- "frame.time_relative": "14759.814156000",
- "frame.number": "15111",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000c5af",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000f30d",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "44889",
- "udp.dstport": "53",
- "udp.port": "44889",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000a9b6",
- "udp.checksum.status": "2",
- "udp.stream": "205"
- },
- "dns": {
- "dns.response_in": "15112",
- "dns.id": "0x000004a8",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:07:52.306389000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508472472.306389000",
- "frame.time_delta": "0.087029000",
- "frame.time_delta_displayed": "0.087029000",
- "frame.time_relative": "14759.901185000",
- "frame.number": "15112",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000a365",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000013a3",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "44889",
- "udp.port": "53",
- "udp.port": "44889",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "205"
- },
- "dns": {
- "dns.response_to": "15111",
- "dns.time": "0.087029000",
- "dns.id": "0x000004a8",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "300",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "510",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1174",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1174",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1174",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1174",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1174",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1174",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1174",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1174",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1174",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3699",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "238",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3014",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.233"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3078",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.229"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3486",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.203"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "41",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.37"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3621",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.95"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1725",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.37"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4177",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:22:52.395472000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508473372.395472000",
- "frame.time_delta": "3.711619000",
- "frame.time_delta_displayed": "900.089083000",
- "frame.time_relative": "15659.990268000",
- "frame.number": "15884",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x000043a6",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00007517",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53892",
- "udp.dstport": "53",
- "udp.port": "53892",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000868a",
- "udp.checksum.status": "2",
- "udp.stream": "212"
- },
- "dns": {
- "dns.response_in": "15885",
- "dns.id": "0x000004a9",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:22:52.423942000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508473372.423942000",
- "frame.time_delta": "0.028470000",
- "frame.time_delta_displayed": "0.028470000",
- "frame.time_relative": "15660.018738000",
- "frame.number": "15885",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000f1a1",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000c566",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "53892",
- "udp.port": "53",
- "udp.port": "53892",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "212"
- },
- "dns": {
- "dns.response_to": "15884",
- "dns.time": "0.028470000",
- "dns.id": "0x000004a9",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "142",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "21258",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.2"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.73"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "274",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "274",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "274",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "274",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "274",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "274",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "274",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "274",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "274",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2799",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7339",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.208"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2114",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.233"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2178",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.229"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2586",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.203"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7142",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.203"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2721",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.95"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "825",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.37"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3277",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:33:23.396307000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508474003.396307000",
- "frame.time_delta": "4.678140000",
- "frame.time_delta_displayed": "630.972365000",
- "frame.time_relative": "16290.991103000",
- "frame.number": "16442",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x000096a0",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000221a",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "37663",
- "udp.dstport": "53",
- "udp.port": "37663",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00002d74",
- "udp.checksum.status": "2",
- "udp.stream": "215"
- },
- "dns": {
- "dns.response_in": "16443",
- "dns.id": "0x000004aa",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:33:23.398249000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508474003.398249000",
- "frame.time_delta": "0.001942000",
- "frame.time_delta_displayed": "0.001942000",
- "frame.time_relative": "16290.993045000",
- "frame.number": "16443",
- "frame.len": "137",
- "frame.cap_len": "137",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "123",
- "ip.id": "0x00008616",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000326a",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "37663",
- "udp.port": "53",
- "udp.port": "37663",
- "udp.length": "103",
- "udp.checksum": "0x0000826a",
- "udp.checksum.status": "2",
- "udp.stream": "215"
- },
- "dns": {
- "dns.response_to": "16442",
- "dns.time": "0.001942000",
- "dns.id": "0x000004aa",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "1",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "6",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "46",
- "dns.soa.mname": "ns1.ext.philips.com",
- "dns.soa.rname": "ddi-authority.philips.com",
- "dns.soa.serial_number": "387",
- "dns.soa.refresh_interval": "1200",
- "dns.soa.retry_interval": "300",
- "dns.soa.expire_limit": "1209600",
- "dns.soa.mininum_ttl": "3600"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:33:23.399079000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508474003.399079000",
- "frame.time_delta": "0.000830000",
- "frame.time_delta_displayed": "0.000830000",
- "frame.time_relative": "16290.993875000",
- "frame.number": "16444",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x000096a1",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00002219",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "33353",
- "udp.dstport": "53",
- "udp.port": "33353",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00005949",
- "udp.checksum.status": "2",
- "udp.stream": "216"
- },
- "dns": {
- "dns.response_in": "16445",
- "dns.id": "0x000004ab",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:33:23.400649000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508474003.400649000",
- "frame.time_delta": "0.001570000",
- "frame.time_delta_displayed": "0.001570000",
- "frame.time_relative": "16290.995445000",
- "frame.number": "16445",
- "frame.len": "285",
- "frame.cap_len": "285",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "271",
- "ip.id": "0x00008617",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000031d5",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "33353",
- "udp.port": "53",
- "udp.port": "33353",
- "udp.length": "251",
- "udp.checksum": "0x000082fe",
- "udp.checksum.status": "2",
- "udp.stream": "216"
- },
- "dns": {
- "dns.response_to": "16444",
- "dns.time": "0.001570000",
- "dns.id": "0x000004ab",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "6",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "10",
- "dns.ns": "ns3.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "6",
- "dns.ns": "ns1.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "6",
- "dns.ns": "ns2.ext.philips.com"
- }
- },
- "Additional records": {
- "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "140607",
- "dns.resp.len": "4",
- "dns.a": "57.67.40.20"
- },
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "165325",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "165325",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "144226",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "136799",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "136799",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:33:23.818793000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508474003.818793000",
- "frame.time_delta": "0.002460000",
- "frame.time_delta_displayed": "0.418144000",
- "frame.time_relative": "16291.413589000",
- "frame.number": "16461",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x000096bd",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000021fd",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "52555",
- "udp.dstport": "53",
- "udp.port": "52555",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000f345",
- "udp.checksum.status": "2",
- "udp.stream": "217"
- },
- "dns": {
- "dns.response_in": "16462",
- "dns.id": "0x000004ac",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:33:23.819379000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508474003.819379000",
- "frame.time_delta": "0.000586000",
- "frame.time_delta_displayed": "0.000586000",
- "frame.time_relative": "16291.414175000",
- "frame.number": "16462",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000861c",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000329e",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "52555",
- "udp.port": "53",
- "udp.port": "52555",
- "udp.length": "45",
- "udp.checksum": "0x00008230",
- "udp.checksum.status": "2",
- "udp.stream": "217"
- },
- "dns": {
- "dns.response_to": "16461",
- "dns.time": "0.000586000",
- "dns.id": "0x000004ac",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:33:23.820220000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508474003.820220000",
- "frame.time_delta": "0.000841000",
- "frame.time_delta_displayed": "0.000841000",
- "frame.time_relative": "16291.415016000",
- "frame.number": "16463",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x000096be",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000021fc",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "58656",
- "udp.dstport": "53",
- "udp.port": "58656",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000f66f",
- "udp.checksum.status": "2",
- "udp.stream": "218"
- },
- "dns": {
- "dns.response_in": "16464",
- "dns.id": "0x000004ad",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:33:23.820779000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508474003.820779000",
- "frame.time_delta": "0.000559000",
- "frame.time_delta_displayed": "0.000559000",
- "frame.time_relative": "16291.415575000",
- "frame.number": "16464",
- "frame.len": "95",
- "frame.cap_len": "95",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "81",
- "ip.id": "0x0000861d",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000328d",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "58656",
- "udp.port": "53",
- "udp.port": "58656",
- "udp.length": "61",
- "udp.checksum": "0x00008240",
- "udp.checksum.status": "2",
- "udp.stream": "218"
- },
- "dns": {
- "dns.response_to": "16463",
- "dns.time": "0.000559000",
- "dns.id": "0x000004ad",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:37:52.430247000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508474272.430247000",
- "frame.time_delta": "3.692969000",
- "frame.time_delta_displayed": "268.609468000",
- "frame.time_relative": "16560.025043000",
- "frame.number": "16697",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000e609",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000d2b3",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "47128",
- "udp.dstport": "53",
- "udp.port": "47128",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000a0f1",
- "udp.checksum.status": "2",
- "udp.stream": "221"
- },
- "dns": {
- "dns.response_in": "16698",
- "dns.id": "0x000004ae",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:37:52.445842000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508474272.445842000",
- "frame.time_delta": "0.015595000",
- "frame.time_delta_displayed": "0.015595000",
- "frame.time_relative": "16560.040638000",
- "frame.number": "16698",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000be56",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000f8b1",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "47128",
- "udp.port": "53",
- "udp.port": "47128",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "221"
- },
- "dns": {
- "dns.response_to": "16697",
- "dns.time": "0.015595000",
- "dns.id": "0x000004ae",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "142",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20358",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3374",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3374",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3374",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3374",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3374",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3374",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3374",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3374",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3374",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1899",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6439",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.208"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1214",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.233"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1278",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.229"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1686",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.203"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6242",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.203"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1821",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.95"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5927",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.205"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2377",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:52:52.450308000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508475172.450308000",
- "frame.time_delta": "6.313074000",
- "frame.time_delta_displayed": "900.004466000",
- "frame.time_relative": "17460.045104000",
- "frame.number": "17472",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00002b9d",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00008d20",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "58502",
- "udp.dstport": "53",
- "udp.port": "58502",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x00007482",
- "udp.checksum.status": "2",
- "udp.stream": "229"
- },
- "dns": {
- "dns.response_in": "17473",
- "dns.id": "0x000004af",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 21:52:52.456608000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508475172.456608000",
- "frame.time_delta": "0.006300000",
- "frame.time_delta_displayed": "0.006300000",
- "frame.time_relative": "17460.051404000",
- "frame.number": "17473",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x000011ad",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000a55b",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "58502",
- "udp.port": "53",
- "udp.port": "58502",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "229"
- },
- "dns": {
- "dns.response_to": "17472",
- "dns.time": "0.006300000",
- "dns.id": "0x000004af",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "142",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "19458",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2474",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2474",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2474",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2474",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2474",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2474",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2474",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2474",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2474",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "999",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5539",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.208"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "314",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.233"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "378",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.229"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "786",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.203"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5342",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.203"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "921",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.95"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5027",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.205"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1477",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:07:52.464775000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508476072.464775000",
- "frame.time_delta": "4.206559000",
- "frame.time_delta_displayed": "900.008167000",
- "frame.time_relative": "18360.059571000",
- "frame.number": "18263",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00005c8a",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00005c33",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "58930",
- "udp.dstport": "53",
- "udp.port": "58930",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x000072d5",
- "udp.checksum.status": "2",
- "udp.stream": "235"
- },
- "dns": {
- "dns.response_in": "18264",
- "dns.id": "0x000004b0",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:07:52.473763000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508476072.473763000",
- "frame.time_delta": "0.008988000",
- "frame.time_delta_displayed": "0.008988000",
- "frame.time_relative": "18360.068559000",
- "frame.number": "18264",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x000052f7",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00006411",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "58930",
- "udp.port": "53",
- "udp.port": "58930",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "235"
- },
- "dns": {
- "dns.response_to": "18263",
- "dns.time": "0.008988000",
- "dns.id": "0x000004b0",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "142",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "18558",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1574",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1574",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1574",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1574",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1574",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1574",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1574",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1574",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1574",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "99",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4639",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.208"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7415",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.108"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.129": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3479",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.129"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5887",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.70"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4442",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.203"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "21",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.95"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4127",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.205"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "577",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:22:52.482011000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508476972.482011000",
- "frame.time_delta": "2.079982000",
- "frame.time_delta_displayed": "900.008248000",
- "frame.time_relative": "19260.076807000",
- "frame.number": "19082",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00007f92",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000392b",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "48250",
- "udp.dstport": "53",
- "udp.port": "48250",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x00009c8c",
- "udp.checksum.status": "2",
- "udp.stream": "242"
- },
- "dns": {
- "dns.response_in": "19083",
- "dns.id": "0x000004b1",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:22:52.488375000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508476972.488375000",
- "frame.time_delta": "0.006364000",
- "frame.time_delta_displayed": "0.006364000",
- "frame.time_relative": "19260.083171000",
- "frame.number": "19083",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x000024f5",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00009213",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "48250",
- "udp.port": "53",
- "udp.port": "48250",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "242"
- },
- "dns": {
- "dns.response_to": "19082",
- "dns.time": "0.006364000",
- "dns.id": "0x000004b1",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "143",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "17658",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "674",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "674",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "674",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "674",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "674",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "674",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "674",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "674",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "674",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3200",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3739",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.208"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6515",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.108"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.129": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2579",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.129"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4987",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.70"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3542",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.203"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3122",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.94"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3227",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.205"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5678",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:33:21.968209000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508477601.968209000",
- "frame.time_delta": "2.368838000",
- "frame.time_delta_displayed": "629.479834000",
- "frame.time_relative": "19889.563005000",
- "frame.number": "19759",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x000048a9",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00007011",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "48476",
- "udp.dstport": "53",
- "udp.port": "48476",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000032f",
- "udp.checksum.status": "2",
- "udp.stream": "248"
- },
- "dns": {
- "dns.response_in": "19760",
- "dns.id": "0x000004b2",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:33:21.970113000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508477601.970113000",
- "frame.time_delta": "0.001904000",
- "frame.time_delta_displayed": "0.001904000",
- "frame.time_relative": "19889.564909000",
- "frame.number": "19760",
- "frame.len": "137",
- "frame.cap_len": "137",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "123",
- "ip.id": "0x00006934",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00004f4c",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "48476",
- "udp.port": "53",
- "udp.port": "48476",
- "udp.length": "103",
- "udp.checksum": "0x0000826a",
- "udp.checksum.status": "2",
- "udp.stream": "248"
- },
- "dns": {
- "dns.response_to": "19759",
- "dns.time": "0.001904000",
- "dns.id": "0x000004b2",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "1",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "6",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3220",
- "dns.resp.len": "46",
- "dns.soa.mname": "ns1.ext.philips.com",
- "dns.soa.rname": "ddi-authority.philips.com",
- "dns.soa.serial_number": "387",
- "dns.soa.refresh_interval": "1200",
- "dns.soa.retry_interval": "300",
- "dns.soa.expire_limit": "1209600",
- "dns.soa.mininum_ttl": "3600"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:33:21.971590000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508477601.971590000",
- "frame.time_delta": "0.001477000",
- "frame.time_delta_displayed": "0.001477000",
- "frame.time_relative": "19889.566386000",
- "frame.number": "19761",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x000048aa",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00007010",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "60103",
- "udp.dstport": "53",
- "udp.port": "60103",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000f0c2",
- "udp.checksum.status": "2",
- "udp.stream": "249"
- },
- "dns": {
- "dns.response_in": "19762",
- "dns.id": "0x000004b3",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:33:21.973429000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508477601.973429000",
- "frame.time_delta": "0.001839000",
- "frame.time_delta_displayed": "0.001839000",
- "frame.time_relative": "19889.568225000",
- "frame.number": "19762",
- "frame.len": "269",
- "frame.cap_len": "269",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "255",
- "ip.id": "0x00006935",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00004ec7",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "60103",
- "udp.port": "53",
- "udp.port": "60103",
- "udp.length": "235",
- "udp.checksum": "0x000082ee",
- "udp.checksum.status": "2",
- "udp.stream": "249"
- },
- "dns": {
- "dns.response_to": "19761",
- "dns.time": "0.001839000",
- "dns.id": "0x000004b3",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "5",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3220",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "689",
- "dns.resp.len": "10",
- "dns.ns": "ns3.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "689",
- "dns.resp.len": "6",
- "dns.ns": "ns1.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "689",
- "dns.resp.len": "6",
- "dns.ns": "ns2.ext.philips.com"
- }
- },
- "Additional records": {
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "157175",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "157175",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2218",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "47152",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "47152",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:33:22.393601000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508477602.393601000",
- "frame.time_delta": "0.000661000",
- "frame.time_delta_displayed": "0.420172000",
- "frame.time_relative": "19889.988397000",
- "frame.number": "19778",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x000048c9",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00006ff1",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "58716",
- "udp.dstport": "53",
- "udp.port": "58716",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000db2c",
- "udp.checksum.status": "2",
- "udp.stream": "250"
- },
- "dns": {
- "dns.response_in": "19779",
- "dns.id": "0x000004b4",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:33:22.394208000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508477602.394208000",
- "frame.time_delta": "0.000607000",
- "frame.time_delta_displayed": "0.000607000",
- "frame.time_relative": "19889.989004000",
- "frame.number": "19779",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00006951",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00004f69",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "58716",
- "udp.port": "53",
- "udp.port": "58716",
- "udp.length": "45",
- "udp.checksum": "0x00008230",
- "udp.checksum.status": "2",
- "udp.stream": "250"
- },
- "dns": {
- "dns.response_to": "19778",
- "dns.time": "0.000607000",
- "dns.id": "0x000004b4",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:33:22.395034000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508477602.395034000",
- "frame.time_delta": "0.000826000",
- "frame.time_delta_displayed": "0.000826000",
- "frame.time_relative": "19889.989830000",
- "frame.number": "19780",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x000048ca",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00006ff0",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "58570",
- "udp.dstport": "53",
- "udp.port": "58570",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000f6bd",
- "udp.checksum.status": "2",
- "udp.stream": "251"
- },
- "dns": {
- "dns.response_in": "19781",
- "dns.id": "0x000004b5",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:33:22.395453000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508477602.395453000",
- "frame.time_delta": "0.000419000",
- "frame.time_delta_displayed": "0.000419000",
- "frame.time_relative": "19889.990249000",
- "frame.number": "19781",
- "frame.len": "95",
- "frame.cap_len": "95",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "81",
- "ip.id": "0x00006952",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00004f58",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "58570",
- "udp.port": "53",
- "udp.port": "58570",
- "udp.length": "61",
- "udp.checksum": "0x00008240",
- "udp.checksum.status": "2",
- "udp.stream": "251"
- },
- "dns": {
- "dns.response_to": "19780",
- "dns.time": "0.000419000",
- "dns.id": "0x000004b5",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3219",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:37:52.496004000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508477872.496004000",
- "frame.time_delta": "7.655864000",
- "frame.time_delta_displayed": "270.100551000",
- "frame.time_relative": "20160.090800000",
- "frame.number": "20012",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00007136",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00004787",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "57235",
- "udp.dstport": "53",
- "udp.port": "57235",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000796e",
- "udp.checksum.status": "2",
- "udp.stream": "252"
- },
- "dns": {
- "dns.response_in": "20013",
- "dns.id": "0x000004b6",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:37:52.557890000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508477872.557890000",
- "frame.time_delta": "0.061886000",
- "frame.time_delta_displayed": "0.061886000",
- "frame.time_relative": "20160.152686000",
- "frame.number": "20013",
- "frame.len": "467",
- "frame.cap_len": "467",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "453",
- "ip.id": "0x00007974",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00003dc2",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "57235",
- "udp.port": "53",
- "udp.port": "57235",
- "udp.length": "433",
- "udp.checksum": "0x000083b4",
- "udp.checksum.status": "2",
- "udp.stream": "252"
- },
- "dns": {
- "dns.response_to": "20012",
- "dns.time": "0.061886000",
- "dns.id": "0x000004b6",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "8",
- "dns.count.add_rr": "8",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "118",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "15117",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6717",
- "dns.resp.len": "4",
- "dns.a": "23.67.56.215"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7220",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3405",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.150"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "311",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.92"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "58",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.206"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3867",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.69"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1920",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.204"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:52:52.564075000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508478772.564075000",
- "frame.time_delta": "2.198143000",
- "frame.time_delta_displayed": "900.006185000",
- "frame.time_relative": "21060.158871000",
- "frame.number": "20790",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000cae0",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000eddc",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "43240",
- "udp.dstport": "53",
- "udp.port": "43240",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000b018",
- "udp.checksum.status": "2",
- "udp.stream": "258"
- },
- "dns": {
- "dns.response_in": "20791",
- "dns.id": "0x000004b7",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 22:52:52.600980000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508478772.600980000",
- "frame.time_delta": "0.036905000",
- "frame.time_delta_displayed": "0.036905000",
- "frame.time_relative": "21060.195776000",
- "frame.number": "20791",
- "frame.len": "467",
- "frame.cap_len": "467",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "453",
- "ip.id": "0x00009731",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00002005",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "43240",
- "udp.port": "53",
- "udp.port": "43240",
- "udp.length": "433",
- "udp.checksum": "0x000083b4",
- "udp.checksum.status": "2",
- "udp.stream": "258"
- },
- "dns": {
- "dns.response_to": "20790",
- "dns.time": "0.036905000",
- "dns.id": "0x000004b7",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "8",
- "dns.count.add_rr": "8",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "118",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "14217",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "790",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "790",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "790",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "790",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "790",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "790",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "790",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "790",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3106",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5817",
- "dns.resp.len": "4",
- "dns.a": "23.67.56.215"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6320",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2505",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.150"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5412",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.202"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7161",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.70"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2967",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.69"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1020",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.204"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:07:52.606357000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508479672.606357000",
- "frame.time_delta": "1.385883000",
- "frame.time_delta_displayed": "900.005377000",
- "frame.time_relative": "21960.201153000",
- "frame.number": "21562",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00004d98",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00006b25",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53213",
- "udp.dstport": "53",
- "udp.port": "53213",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x00008922",
- "udp.checksum.status": "2",
- "udp.stream": "264"
- },
- "dns": {
- "dns.response_in": "21563",
- "dns.id": "0x000004b8",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:07:52.617193000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508479672.617193000",
- "frame.time_delta": "0.010836000",
- "frame.time_delta_displayed": "0.010836000",
- "frame.time_relative": "21960.211989000",
- "frame.number": "21563",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000db65",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000dba2",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "53213",
- "udp.port": "53",
- "udp.port": "53213",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "264"
- },
- "dns": {
- "dns.response_to": "21562",
- "dns.time": "0.010836000",
- "dns.id": "0x000004b8",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "118",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "13317",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3890",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3890",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3890",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3890",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3890",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3890",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3890",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3890",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3890",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2206",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4917",
- "dns.resp.len": "4",
- "dns.a": "23.67.56.215"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5420",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1605",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.150"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4512",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.202"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6261",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.70"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2067",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.69"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "120",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.204"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5890",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:22:52.625699000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508480572.625699000",
- "frame.time_delta": "4.403118000",
- "frame.time_delta_displayed": "900.008506000",
- "frame.time_relative": "22860.220495000",
- "frame.number": "22346",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00005937",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00005f86",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "33001",
- "udp.dstport": "53",
- "udp.port": "33001",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000d815",
- "udp.checksum.status": "2",
- "udp.stream": "268"
- },
- "dns": {
- "dns.response_in": "22347",
- "dns.id": "0x000004b9",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:22:52.650694000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508480572.650694000",
- "frame.time_delta": "0.024995000",
- "frame.time_delta_displayed": "0.024995000",
- "frame.time_relative": "22860.245490000",
- "frame.number": "22347",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000d12d",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000e5da",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "33001",
- "udp.port": "53",
- "udp.port": "33001",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "268"
- },
- "dns": {
- "dns.response_to": "22346",
- "dns.time": "0.024995000",
- "dns.id": "0x000004b9",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "143",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "14058",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1074",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1074",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1074",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1074",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1074",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1074",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1074",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1074",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1074",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3601",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "139",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.208"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2915",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.108"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2980",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.239"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1387",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.70"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7943",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.191"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3523",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.70"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5628",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2078",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:33:22.664730000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508481202.664730000",
- "frame.time_delta": "2.566341000",
- "frame.time_delta_displayed": "630.014036000",
- "frame.time_relative": "23490.259526000",
- "frame.number": "22859",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00007d2e",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00003b8c",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "58340",
- "udp.dstport": "53",
- "udp.port": "58340",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000dc9e",
- "udp.checksum.status": "2",
- "udp.stream": "271"
- },
- "dns": {
- "dns.response_in": "22860",
- "dns.id": "0x000004ba",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:33:22.666597000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508481202.666597000",
- "frame.time_delta": "0.001867000",
- "frame.time_delta_displayed": "0.001867000",
- "frame.time_relative": "23490.261393000",
- "frame.number": "22860",
- "frame.len": "137",
- "frame.cap_len": "137",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "123",
- "ip.id": "0x00008ce9",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00002b97",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "58340",
- "udp.port": "53",
- "udp.port": "58340",
- "udp.length": "103",
- "udp.checksum": "0x0000826a",
- "udp.checksum.status": "2",
- "udp.stream": "271"
- },
- "dns": {
- "dns.response_to": "22859",
- "dns.time": "0.001867000",
- "dns.id": "0x000004ba",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "1",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "6",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3219",
- "dns.resp.len": "46",
- "dns.soa.mname": "ns1.ext.philips.com",
- "dns.soa.rname": "ddi-authority.philips.com",
- "dns.soa.serial_number": "387",
- "dns.soa.refresh_interval": "1200",
- "dns.soa.retry_interval": "300",
- "dns.soa.expire_limit": "1209600",
- "dns.soa.mininum_ttl": "3600"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:33:22.667494000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508481202.667494000",
- "frame.time_delta": "0.000897000",
- "frame.time_delta_displayed": "0.000897000",
- "frame.time_relative": "23490.262290000",
- "frame.number": "22861",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00007d2f",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00003b8b",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "52564",
- "udp.dstport": "53",
- "udp.port": "52564",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00000e2e",
- "udp.checksum.status": "2",
- "udp.stream": "272"
- },
- "dns": {
- "dns.response_in": "22862",
- "dns.id": "0x000004bb",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:33:22.669032000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508481202.669032000",
- "frame.time_delta": "0.001538000",
- "frame.time_delta_displayed": "0.001538000",
- "frame.time_relative": "23490.263828000",
- "frame.number": "22862",
- "frame.len": "269",
- "frame.cap_len": "269",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "255",
- "ip.id": "0x00008cea",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00002b12",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "52564",
- "udp.port": "53",
- "udp.port": "52564",
- "udp.length": "235",
- "udp.checksum": "0x000082ee",
- "udp.checksum.status": "2",
- "udp.stream": "272"
- },
- "dns": {
- "dns.response_to": "22861",
- "dns.time": "0.001538000",
- "dns.id": "0x000004bb",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "5",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3220",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "688",
- "dns.resp.len": "10",
- "dns.ns": "ns3.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "688",
- "dns.resp.len": "6",
- "dns.ns": "ns1.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "688",
- "dns.resp.len": "6",
- "dns.ns": "ns2.ext.philips.com"
- }
- },
- "Additional records": {
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "153574",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "153574",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "171829",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "43551",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "43551",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:33:23.087037000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508481203.087037000",
- "frame.time_delta": "0.001271000",
- "frame.time_delta_displayed": "0.418005000",
- "frame.time_relative": "23490.681833000",
- "frame.number": "22878",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00007d4c",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00003b6e",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "37188",
- "udp.dstport": "53",
- "udp.port": "37188",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00002f3d",
- "udp.checksum.status": "2",
- "udp.stream": "273"
- },
- "dns": {
- "dns.response_in": "22879",
- "dns.id": "0x000004bc",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:33:23.087591000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508481203.087591000",
- "frame.time_delta": "0.000554000",
- "frame.time_delta_displayed": "0.000554000",
- "frame.time_relative": "23490.682387000",
- "frame.number": "22879",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00008d00",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00002bba",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "37188",
- "udp.port": "53",
- "udp.port": "37188",
- "udp.length": "45",
- "udp.checksum": "0x00008230",
- "udp.checksum.status": "2",
- "udp.stream": "273"
- },
- "dns": {
- "dns.response_to": "22878",
- "dns.time": "0.000554000",
- "dns.id": "0x000004bc",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:33:23.088490000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508481203.088490000",
- "frame.time_delta": "0.000899000",
- "frame.time_delta_displayed": "0.000899000",
- "frame.time_relative": "23490.683286000",
- "frame.number": "22880",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00007d4d",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00003b6d",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "57857",
- "udp.dstport": "53",
- "udp.port": "57857",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000f97e",
- "udp.checksum.status": "2",
- "udp.stream": "274"
- },
- "dns": {
- "dns.response_in": "22881",
- "dns.id": "0x000004bd",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:33:23.089060000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508481203.089060000",
- "frame.time_delta": "0.000570000",
- "frame.time_delta_displayed": "0.000570000",
- "frame.time_relative": "23490.683856000",
- "frame.number": "22881",
- "frame.len": "95",
- "frame.cap_len": "95",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "81",
- "ip.id": "0x00008d01",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00002ba9",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "57857",
- "udp.port": "53",
- "udp.port": "57857",
- "udp.length": "61",
- "udp.checksum": "0x00008240",
- "udp.checksum.status": "2",
- "udp.stream": "274"
- },
- "dns": {
- "dns.response_to": "22880",
- "dns.time": "0.000570000",
- "dns.id": "0x000004bd",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3219",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:37:52.675652000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508481472.675652000",
- "frame.time_delta": "1.044735000",
- "frame.time_delta_displayed": "269.586592000",
- "frame.time_relative": "23760.270448000",
- "frame.number": "23158",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00009f5f",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000195e",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "41570",
- "udp.dstport": "53",
- "udp.port": "41570",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000b697",
- "udp.checksum.status": "2",
- "udp.stream": "280"
- },
- "dns": {
- "dns.response_in": "23159",
- "dns.id": "0x000004be",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:37:52.686467000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508481472.686467000",
- "frame.time_delta": "0.010815000",
- "frame.time_delta_displayed": "0.010815000",
- "frame.time_relative": "23760.281263000",
- "frame.number": "23159",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000db55",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000dbb2",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "41570",
- "udp.port": "53",
- "udp.port": "41570",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "280"
- },
- "dns": {
- "dns.response_to": "23158",
- "dns.time": "0.010815000",
- "dns.id": "0x000004be",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "143",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "13158",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "174",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "174",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "174",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "174",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "174",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "174",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "174",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "174",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "174",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2701",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7242",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.131"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2015",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.108"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2080",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.239"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "487",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.70"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7043",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.191"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2623",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.70"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4728",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1178",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:52:52.690665000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508482372.690665000",
- "frame.time_delta": "0.322371000",
- "frame.time_delta_displayed": "900.004198000",
- "frame.time_relative": "24660.285461000",
- "frame.number": "23918",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00009671",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000224c",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "42853",
- "udp.dstport": "53",
- "udp.port": "42853",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000b193",
- "udp.checksum.status": "2",
- "udp.stream": "284"
- },
- "dns": {
- "dns.response_in": "23919",
- "dns.id": "0x000004bf",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 19, 2017 23:52:52.711241000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508482372.711241000",
- "frame.time_delta": "0.020576000",
- "frame.time_delta_displayed": "0.020576000",
- "frame.time_relative": "24660.306037000",
- "frame.number": "23919",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00001d6b",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000999d",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "42853",
- "udp.port": "53",
- "udp.port": "42853",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "284"
- },
- "dns": {
- "dns.response_to": "23918",
- "dns.time": "0.020576000",
- "dns.id": "0x000004bf",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "119",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "10617",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1190",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1190",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1190",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1190",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1190",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1190",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1190",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1190",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1190",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3509",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2217",
- "dns.resp.len": "4",
- "dns.a": "23.67.56.215"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2720",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2912",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.108"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1812",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.202"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3561",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.70"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3369",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.246": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3423",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.246"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3190",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:07:52.715432000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508483272.715432000",
- "frame.time_delta": "0.798629000",
- "frame.time_delta_displayed": "900.004191000",
- "frame.time_relative": "25560.310228000",
- "frame.number": "24682",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000a08f",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000182e",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53913",
- "udp.dstport": "53",
- "udp.port": "53913",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000865e",
- "udp.checksum.status": "2",
- "udp.stream": "288"
- },
- "dns": {
- "dns.response_in": "24683",
- "dns.id": "0x000004c0",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:07:52.722880000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508483272.722880000",
- "frame.time_delta": "0.007448000",
- "frame.time_delta_displayed": "0.007448000",
- "frame.time_relative": "25560.317676000",
- "frame.number": "24683",
- "frame.len": "467",
- "frame.cap_len": "467",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "453",
- "ip.id": "0x000067fe",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00004f38",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "53913",
- "udp.port": "53",
- "udp.port": "53913",
- "udp.length": "433",
- "udp.checksum": "0x000083b4",
- "udp.checksum.status": "2",
- "udp.stream": "288"
- },
- "dns": {
- "dns.response_to": "24682",
- "dns.time": "0.007448000",
- "dns.id": "0x000004c0",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "8",
- "dns.count.add_rr": "8",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "143",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "11358",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "374",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "374",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "374",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "374",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "374",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "374",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "374",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "374",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "901",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5442",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.131"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "215",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.108"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "280",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.239"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4688",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.177"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5243",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.191"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "823",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.70"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2928",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:12:04.696340000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508483524.696340000",
- "frame.time_delta": "0.145443000",
- "frame.time_delta_displayed": "251.973460000",
- "frame.time_relative": "25812.291136000",
- "frame.number": "24953",
- "frame.len": "83",
- "frame.cap_len": "83",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "69",
- "ip.id": "0x0000a209",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000016ad",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "49770",
- "udp.dstport": "53",
- "udp.port": "49770",
- "udp.port": "53",
- "udp.length": "49",
- "udp.checksum": "0x0000cac1",
- "udp.checksum.status": "2",
- "udp.stream": "293"
- },
- "dns": {
- "dns.response_in": "24954",
- "dns.id": "0x00000043",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "diagnostics.meethue.com: type A, class IN": {
- "dns.qry.name": "diagnostics.meethue.com",
- "dns.qry.name.len": "23",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:12:04.767719000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508483524.767719000",
- "frame.time_delta": "0.071379000",
- "frame.time_delta_displayed": "0.071379000",
- "frame.time_relative": "25812.362515000",
- "frame.number": "24954",
- "frame.len": "297",
- "frame.cap_len": "297",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "283",
- "ip.id": "0x00008814",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00002fcc",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "49770",
- "udp.port": "53",
- "udp.port": "49770",
- "udp.length": "263",
- "udp.checksum": "0x0000830a",
- "udp.checksum.status": "2",
- "udp.stream": "293"
- },
- "dns": {
- "dns.response_to": "24953",
- "dns.time": "0.071379000",
- "dns.id": "0x00000043",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "6",
- "Queries": {
- "diagnostics.meethue.com: type A, class IN": {
- "dns.qry.name": "diagnostics.meethue.com",
- "dns.qry.name.len": "23",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": {
- "dns.resp.name": "diagnostics.meethue.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "300",
- "dns.resp.len": "4",
- "dns.a": "130.211.67.12"
- }
- },
- "Authoritative nameservers": {
- "meethue.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "meethue.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1704",
- "dns.resp.len": "18",
- "dns.ns": "ns3.ext.philips.com"
- },
- "meethue.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "meethue.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1704",
- "dns.resp.len": "6",
- "dns.ns": "ns1.ext.philips.com"
- },
- "meethue.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "meethue.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1704",
- "dns.resp.len": "6",
- "dns.ns": "ns2.ext.philips.com"
- }
- },
- "Additional records": {
- "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "131086",
- "dns.resp.len": "4",
- "dns.a": "57.67.40.20"
- },
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "155804",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "155804",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "134705",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "127278",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "127278",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:22:52.727669000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508484172.727669000",
- "frame.time_delta": "3.871548000",
- "frame.time_delta_displayed": "647.959950000",
- "frame.time_relative": "26460.322465000",
- "frame.number": "25506",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x000042c9",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000075f4",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "55301",
- "udp.dstport": "53",
- "udp.port": "55301",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x000080f1",
- "udp.checksum.status": "2",
- "udp.stream": "295"
- },
- "dns": {
- "dns.response_in": "25507",
- "dns.id": "0x000004c1",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:22:52.765073000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508484172.765073000",
- "frame.time_delta": "0.037404000",
- "frame.time_delta_displayed": "0.037404000",
- "frame.time_relative": "26460.359869000",
- "frame.number": "25507",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00000318",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000b3f0",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "55301",
- "udp.port": "53",
- "udp.port": "55301",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "295"
- },
- "dns": {
- "dns.response_to": "25506",
- "dns.time": "0.037404000",
- "dns.id": "0x000004c1",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "119",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "8817",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3390",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3390",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3390",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3390",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3390",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3390",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3390",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3390",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3390",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1709",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "417",
- "dns.resp.len": "4",
- "dns.a": "23.67.56.215"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "920",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1112",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.108"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "12",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.202"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1761",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.70"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1569",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.246": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1623",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.246"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1390",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:33:23.301033000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508484803.301033000",
- "frame.time_delta": "0.159453000",
- "frame.time_delta_displayed": "630.535960000",
- "frame.time_relative": "27090.895829000",
- "frame.number": "26095",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000aa78",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00000e42",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "60609",
- "udp.dstport": "53",
- "udp.port": "60609",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000d3b9",
- "udp.checksum.status": "2",
- "udp.stream": "299"
- },
- "dns": {
- "dns.response_in": "26096",
- "dns.id": "0x000004c2",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:33:23.303089000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508484803.303089000",
- "frame.time_delta": "0.002056000",
- "frame.time_delta_displayed": "0.002056000",
- "frame.time_relative": "27090.897885000",
- "frame.number": "26096",
- "frame.len": "137",
- "frame.cap_len": "137",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "123",
- "ip.id": "0x0000a9d2",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00000eae",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "60609",
- "udp.port": "53",
- "udp.port": "60609",
- "udp.length": "103",
- "udp.checksum": "0x0000826a",
- "udp.checksum.status": "2",
- "udp.stream": "299"
- },
- "dns": {
- "dns.response_to": "26095",
- "dns.time": "0.002056000",
- "dns.id": "0x000004c2",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "1",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "6",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3219",
- "dns.resp.len": "46",
- "dns.soa.mname": "ns1.ext.philips.com",
- "dns.soa.rname": "ddi-authority.philips.com",
- "dns.soa.serial_number": "387",
- "dns.soa.refresh_interval": "1200",
- "dns.soa.retry_interval": "300",
- "dns.soa.expire_limit": "1209600",
- "dns.soa.mininum_ttl": "3600"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:33:23.303940000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508484803.303940000",
- "frame.time_delta": "0.000851000",
- "frame.time_delta_displayed": "0.000851000",
- "frame.time_relative": "27090.898736000",
- "frame.number": "26097",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000aa79",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00000e41",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "45112",
- "udp.dstport": "53",
- "udp.port": "45112",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00002b42",
- "udp.checksum.status": "2",
- "udp.stream": "300"
- },
- "dns": {
- "dns.response_in": "26098",
- "dns.id": "0x000004c3",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:33:23.305709000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508484803.305709000",
- "frame.time_delta": "0.001769000",
- "frame.time_delta_displayed": "0.001769000",
- "frame.time_relative": "27090.900505000",
- "frame.number": "26098",
- "frame.len": "269",
- "frame.cap_len": "269",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "255",
- "ip.id": "0x0000a9d3",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00000e29",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "45112",
- "udp.port": "53",
- "udp.port": "45112",
- "udp.length": "235",
- "udp.checksum": "0x000082ee",
- "udp.checksum.status": "2",
- "udp.stream": "300"
- },
- "dns": {
- "dns.response_to": "26097",
- "dns.time": "0.001769000",
- "dns.id": "0x000004c3",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "5",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3219",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "689",
- "dns.resp.len": "10",
- "dns.ns": "ns3.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "689",
- "dns.resp.len": "6",
- "dns.ns": "ns1.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "689",
- "dns.resp.len": "6",
- "dns.ns": "ns2.ext.philips.com"
- }
- },
- "Additional records": {
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "149973",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "149973",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "168228",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "39950",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "39950",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:33:23.726935000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508484803.726935000",
- "frame.time_delta": "0.001538000",
- "frame.time_delta_displayed": "0.421226000",
- "frame.time_relative": "27091.321731000",
- "frame.number": "26114",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000aaa1",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00000e19",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "47836",
- "udp.dstport": "53",
- "udp.port": "47836",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000059d",
- "udp.checksum.status": "2",
- "udp.stream": "301"
- },
- "dns": {
- "dns.response_in": "26115",
- "dns.id": "0x000004c4",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:33:23.727513000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508484803.727513000",
- "frame.time_delta": "0.000578000",
- "frame.time_delta_displayed": "0.000578000",
- "frame.time_relative": "27091.322309000",
- "frame.number": "26115",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000a9f1",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00000ec9",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "47836",
- "udp.port": "53",
- "udp.port": "47836",
- "udp.length": "45",
- "udp.checksum": "0x00008230",
- "udp.checksum.status": "2",
- "udp.stream": "301"
- },
- "dns": {
- "dns.response_to": "26114",
- "dns.time": "0.000578000",
- "dns.id": "0x000004c4",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:33:23.728355000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508484803.728355000",
- "frame.time_delta": "0.000842000",
- "frame.time_delta_displayed": "0.000842000",
- "frame.time_relative": "27091.323151000",
- "frame.number": "26116",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000aaa2",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00000e18",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "59436",
- "udp.dstport": "53",
- "udp.port": "59436",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000f34b",
- "udp.checksum.status": "2",
- "udp.stream": "302"
- },
- "dns": {
- "dns.response_in": "26117",
- "dns.id": "0x000004c5",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:33:23.728777000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508484803.728777000",
- "frame.time_delta": "0.000422000",
- "frame.time_delta_displayed": "0.000422000",
- "frame.time_relative": "27091.323573000",
- "frame.number": "26117",
- "frame.len": "95",
- "frame.cap_len": "95",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "81",
- "ip.id": "0x0000a9f2",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00000eb8",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "59436",
- "udp.port": "53",
- "udp.port": "59436",
- "udp.length": "61",
- "udp.checksum": "0x00008240",
- "udp.checksum.status": "2",
- "udp.stream": "302"
- },
- "dns": {
- "dns.response_to": "26116",
- "dns.time": "0.000422000",
- "dns.id": "0x000004c5",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3219",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:37:52.772955000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508485072.772955000",
- "frame.time_delta": "1.222355000",
- "frame.time_delta_displayed": "269.044178000",
- "frame.time_relative": "27360.367751000",
- "frame.number": "26369",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000ce92",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000ea2a",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "45574",
- "udp.dstport": "53",
- "udp.port": "45574",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000a6eb",
- "udp.checksum.status": "2",
- "udp.stream": "304"
- },
- "dns": {
- "dns.response_in": "26370",
- "dns.id": "0x000004c6",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:37:52.788820000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508485072.788820000",
- "frame.time_delta": "0.015865000",
- "frame.time_delta_displayed": "0.015865000",
- "frame.time_relative": "27360.383616000",
- "frame.number": "26370",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000cb7f",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000eb88",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "45574",
- "udp.port": "53",
- "udp.port": "45574",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "304"
- },
- "dns": {
- "dns.response_to": "26369",
- "dns.time": "0.015865000",
- "dns.id": "0x000004c6",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "144",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "9558",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2574",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2574",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2574",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2574",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2574",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2574",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2574",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2574",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2574",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3102",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3642",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.131"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6416",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.94"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.176": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2481",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.176"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2888",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.177"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3443",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.191"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3024",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.177"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1128",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4574",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:52:52.797929000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508485972.797929000",
- "frame.time_delta": "1.729711000",
- "frame.time_delta_displayed": "900.009109000",
- "frame.time_relative": "28260.392725000",
- "frame.number": "27288",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000fdad",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000bb0f",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "57726",
- "udp.dstport": "53",
- "udp.port": "57726",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x00007772",
- "udp.checksum.status": "2",
- "udp.stream": "311"
- },
- "dns": {
- "dns.response_in": "27289",
- "dns.id": "0x000004c7",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 00:52:52.808637000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508485972.808637000",
- "frame.time_delta": "0.010708000",
- "frame.time_delta_displayed": "0.010708000",
- "frame.time_relative": "28260.403433000",
- "frame.number": "27289",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000efa6",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000c761",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "57726",
- "udp.port": "53",
- "udp.port": "57726",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "311"
- },
- "dns": {
- "dns.response_to": "27288",
- "dns.time": "0.010708000",
- "dns.id": "0x000004c7",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "144",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "8658",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1674",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1674",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1674",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1674",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1674",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1674",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1674",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1674",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1674",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2202",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2742",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.131"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5516",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.94"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.176": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1581",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.176"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1988",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.177"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2543",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.191"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2124",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.177"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "228",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3674",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:07:52.814329000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508486872.814329000",
- "frame.time_delta": "5.472047000",
- "frame.time_delta_displayed": "900.005692000",
- "frame.time_relative": "29160.409125000",
- "frame.number": "28061",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000614d",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00005770",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "39493",
- "udp.dstport": "53",
- "udp.port": "39493",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000beaa",
- "udp.checksum.status": "2",
- "udp.stream": "315"
- },
- "dns": {
- "dns.response_in": "28062",
- "dns.id": "0x000004c8",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:07:52.835978000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508486872.835978000",
- "frame.time_delta": "0.021649000",
- "frame.time_delta_displayed": "0.021649000",
- "frame.time_relative": "29160.430774000",
- "frame.number": "28062",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00000e9b",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000a86d",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "39493",
- "udp.port": "53",
- "udp.port": "39493",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "315"
- },
- "dns": {
- "dns.response_to": "28061",
- "dns.time": "0.021649000",
- "dns.id": "0x000004c8",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "119",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6117",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "690",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3011",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5718",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.155": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6226",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.155"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.207": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2421",
- "dns.resp.len": "4",
- "dns.a": "23.67.56.207"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.174": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3318",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.174"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7067",
- "dns.resp.len": "4",
- "dns.a": "23.67.56.215"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 23.67.56.213": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2874",
- "dns.resp.len": "4",
- "dns.a": "23.67.56.213"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.155": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4925",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.155"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4702",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:22:52.843589000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508487772.843589000",
- "frame.time_delta": "0.601966000",
- "frame.time_delta_displayed": "900.007611000",
- "frame.time_relative": "30060.438385000",
- "frame.number": "28868",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00008683",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000323a",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "60232",
- "udp.dstport": "53",
- "udp.port": "60232",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x00006da6",
- "udp.checksum.status": "2",
- "udp.stream": "322"
- },
- "dns": {
- "dns.response_in": "28869",
- "dns.id": "0x000004c9",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:22:52.850618000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508487772.850618000",
- "frame.time_delta": "0.007029000",
- "frame.time_delta_displayed": "0.007029000",
- "frame.time_relative": "30060.445414000",
- "frame.number": "28869",
- "frame.len": "467",
- "frame.cap_len": "467",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "453",
- "ip.id": "0x000032d6",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00008460",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "60232",
- "udp.port": "53",
- "udp.port": "60232",
- "udp.length": "433",
- "udp.checksum": "0x000083b4",
- "udp.checksum.status": "2",
- "udp.stream": "322"
- },
- "dns": {
- "dns.response_to": "28868",
- "dns.time": "0.007029000",
- "dns.id": "0x000004c9",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "8",
- "dns.count.add_rr": "8",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "144",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6858",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "874",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "874",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "874",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "874",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "874",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "874",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "874",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "874",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "402",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "942",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.131"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3716",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.94"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3782",
- "dns.resp.len": "4",
- "dns.a": "23.67.56.213"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "188",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.177"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "743",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.191"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "324",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.177"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4429",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.243"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:33:21.755985000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508488401.755985000",
- "frame.time_delta": "1.940613000",
- "frame.time_delta_displayed": "628.905367000",
- "frame.time_relative": "30689.350781000",
- "frame.number": "29396",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00009aad",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00001e0d",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "43519",
- "udp.dstport": "53",
- "udp.port": "43519",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00001674",
- "udp.checksum.status": "2",
- "udp.stream": "327"
- },
- "dns": {
- "dns.response_in": "29397",
- "dns.id": "0x000004ca",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:33:21.757930000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508488401.757930000",
- "frame.time_delta": "0.001945000",
- "frame.time_delta_displayed": "0.001945000",
- "frame.time_relative": "30689.352726000",
- "frame.number": "29397",
- "frame.len": "137",
- "frame.cap_len": "137",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "123",
- "ip.id": "0x0000a15f",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00001721",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "43519",
- "udp.port": "53",
- "udp.port": "43519",
- "udp.length": "103",
- "udp.checksum": "0x0000826a",
- "udp.checksum.status": "2",
- "udp.stream": "327"
- },
- "dns": {
- "dns.response_to": "29396",
- "dns.time": "0.001945000",
- "dns.id": "0x000004ca",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "1",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "6",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3221",
- "dns.resp.len": "46",
- "dns.soa.mname": "ns1.ext.philips.com",
- "dns.soa.rname": "ddi-authority.philips.com",
- "dns.soa.serial_number": "387",
- "dns.soa.refresh_interval": "1200",
- "dns.soa.retry_interval": "300",
- "dns.soa.expire_limit": "1209600",
- "dns.soa.mininum_ttl": "3600"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:33:21.758751000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508488401.758751000",
- "frame.time_delta": "0.000821000",
- "frame.time_delta_displayed": "0.000821000",
- "frame.time_relative": "30689.353547000",
- "frame.number": "29398",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00009aae",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00001e0c",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "34772",
- "udp.dstport": "53",
- "udp.port": "34772",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000539e",
- "udp.checksum.status": "2",
- "udp.stream": "328"
- },
- "dns": {
- "dns.response_in": "29399",
- "dns.id": "0x000004cb",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:33:21.760366000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508488401.760366000",
- "frame.time_delta": "0.001615000",
- "frame.time_delta_displayed": "0.001615000",
- "frame.time_relative": "30689.355162000",
- "frame.number": "29399",
- "frame.len": "285",
- "frame.cap_len": "285",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "271",
- "ip.id": "0x0000a160",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000168c",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "34772",
- "udp.port": "53",
- "udp.port": "34772",
- "udp.length": "251",
- "udp.checksum": "0x000082fe",
- "udp.checksum.status": "2",
- "udp.stream": "328"
- },
- "dns": {
- "dns.response_to": "29398",
- "dns.time": "0.001615000",
- "dns.id": "0x000004cb",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "6",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3221",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1322",
- "dns.resp.len": "10",
- "dns.ns": "ns2.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1322",
- "dns.resp.len": "6",
- "dns.ns": "ns3.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1322",
- "dns.resp.len": "6",
- "dns.ns": "ns1.ext.philips.com"
- }
- },
- "Additional records": {
- "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "442",
- "dns.resp.len": "4",
- "dns.a": "57.67.40.20"
- },
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "146375",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "146375",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "164630",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "36352",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "36352",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:33:22.179535000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508488402.179535000",
- "frame.time_delta": "0.001270000",
- "frame.time_delta_displayed": "0.419169000",
- "frame.time_relative": "30689.774331000",
- "frame.number": "29415",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00009ac2",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00001df8",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "32927",
- "udp.dstport": "53",
- "udp.port": "32927",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00003fd2",
- "udp.checksum.status": "2",
- "udp.stream": "329"
- },
- "dns": {
- "dns.response_in": "29416",
- "dns.id": "0x000004cc",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:33:22.180074000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508488402.180074000",
- "frame.time_delta": "0.000539000",
- "frame.time_delta_displayed": "0.000539000",
- "frame.time_relative": "30689.774870000",
- "frame.number": "29416",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000a17c",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000173e",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "32927",
- "udp.port": "53",
- "udp.port": "32927",
- "udp.length": "45",
- "udp.checksum": "0x00008230",
- "udp.checksum.status": "2",
- "udp.stream": "329"
- },
- "dns": {
- "dns.response_to": "29415",
- "dns.time": "0.000539000",
- "dns.id": "0x000004cc",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:33:22.181272000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508488402.181272000",
- "frame.time_delta": "0.001198000",
- "frame.time_delta_displayed": "0.001198000",
- "frame.time_relative": "30689.776068000",
- "frame.number": "29417",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00009ac3",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00001df7",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "50502",
- "udp.dstport": "53",
- "udp.port": "50502",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000162a",
- "udp.checksum.status": "2",
- "udp.stream": "330"
- },
- "dns": {
- "dns.response_in": "29418",
- "dns.id": "0x000004cd",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:33:22.181706000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508488402.181706000",
- "frame.time_delta": "0.000434000",
- "frame.time_delta_displayed": "0.000434000",
- "frame.time_relative": "30689.776502000",
- "frame.number": "29418",
- "frame.len": "95",
- "frame.cap_len": "95",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "81",
- "ip.id": "0x0000a17d",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000172d",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "50502",
- "udp.port": "53",
- "udp.port": "50502",
- "udp.length": "61",
- "udp.checksum": "0x00008240",
- "udp.checksum.status": "2",
- "udp.stream": "330"
- },
- "dns": {
- "dns.response_to": "29417",
- "dns.time": "0.000434000",
- "dns.id": "0x000004cd",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3220",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:37:52.855829000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508488672.855829000",
- "frame.time_delta": "3.621068000",
- "frame.time_delta_displayed": "270.674123000",
- "frame.time_relative": "30960.450625000",
- "frame.number": "29698",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000af13",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000009aa",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "51191",
- "udp.dstport": "53",
- "udp.port": "51191",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x000090f2",
- "udp.checksum.status": "2",
- "udp.stream": "331"
- },
- "dns": {
- "dns.response_in": "29699",
- "dns.id": "0x000004ce",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:37:52.862182000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508488672.862182000",
- "frame.time_delta": "0.006353000",
- "frame.time_delta_displayed": "0.006353000",
- "frame.time_relative": "30960.456978000",
- "frame.number": "29699",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000ff8b",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000b77c",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "51191",
- "udp.port": "53",
- "udp.port": "51191",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "331"
- },
- "dns": {
- "dns.response_to": "29698",
- "dns.time": "0.006353000",
- "dns.id": "0x000004ce",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "144",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5958",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3974",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3974",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3974",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3974",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3974",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3974",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3974",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3974",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3974",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3503",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "42",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.131"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2816",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.94"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2882",
- "dns.resp.len": "4",
- "dns.a": "23.67.56.213"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5291",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.175"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7844",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.150"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3426",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.177"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3529",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.243"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "974",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:52:52.869701000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508489572.869701000",
- "frame.time_delta": "1.064777000",
- "frame.time_delta_displayed": "900.007519000",
- "frame.time_relative": "31860.464497000",
- "frame.number": "30491",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000c558",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000f364",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "43504",
- "udp.dstport": "53",
- "udp.port": "43504",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000aef8",
- "udp.checksum.status": "2",
- "udp.stream": "337"
- },
- "dns": {
- "dns.response_in": "30492",
- "dns.id": "0x000004cf",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 01:52:52.875803000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508489572.875803000",
- "frame.time_delta": "0.006102000",
- "frame.time_delta_displayed": "0.006102000",
- "frame.time_relative": "31860.470599000",
- "frame.number": "30492",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00004e2b",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000068dd",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "43504",
- "udp.port": "53",
- "udp.port": "43504",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "337"
- },
- "dns": {
- "dns.response_to": "30491",
- "dns.time": "0.006102000",
- "dns.id": "0x000004cf",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "144",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5058",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3074",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3074",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3074",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3074",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3074",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3074",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3074",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3074",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3074",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2603",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7144",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.154"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1916",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.94"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1982",
- "dns.resp.len": "4",
- "dns.a": "23.67.56.213"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4391",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.175"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6944",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.150"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2526",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.177"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2629",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.243"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "74",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:07:52.881831000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508490472.881831000",
- "frame.time_delta": "1.602333000",
- "frame.time_delta_displayed": "900.006028000",
- "frame.time_relative": "32760.476627000",
- "frame.number": "31269",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000ce88",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000ea34",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "38554",
- "udp.dstport": "53",
- "udp.port": "38554",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000c24d",
- "udp.checksum.status": "2",
- "udp.stream": "343"
- },
- "dns": {
- "dns.response_in": "31270",
- "dns.id": "0x000004d0",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:07:52.891762000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508490472.891762000",
- "frame.time_delta": "0.009931000",
- "frame.time_delta_displayed": "0.009931000",
- "frame.time_relative": "32760.486558000",
- "frame.number": "31270",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00000e5c",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000a8ac",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "38554",
- "udp.port": "53",
- "udp.port": "38554",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "343"
- },
- "dns": {
- "dns.response_to": "31269",
- "dns.time": "0.009931000",
- "dns.id": "0x000004d0",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "144",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4158",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2174",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2174",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2174",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2174",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2174",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2174",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2174",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2174",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2174",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1703",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6244",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.154"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1016",
- "dns.resp.len": "4",
- "dns.a": "165.254.16.94"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1082",
- "dns.resp.len": "4",
- "dns.a": "23.67.56.213"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3491",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.175"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6044",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.150"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1626",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.177"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1729",
- "dns.resp.len": "4",
- "dns.a": "165.254.134.243"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5177",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:22:52.901114000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508491372.901114000",
- "frame.time_delta": "1.849865000",
- "frame.time_delta_displayed": "900.009352000",
- "frame.time_relative": "33660.495910000",
- "frame.number": "32056",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00004594",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00007329",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "33202",
- "udp.dstport": "53",
- "udp.port": "33202",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000d734",
- "udp.checksum.status": "2",
- "udp.stream": "348"
- },
- "dns": {
- "dns.response_in": "32057",
- "dns.id": "0x000004d1",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:22:52.972380000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508491372.972380000",
- "frame.time_delta": "0.071266000",
- "frame.time_delta_displayed": "0.071266000",
- "frame.time_relative": "33660.567176000",
- "frame.number": "32057",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00002997",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00008d71",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "33202",
- "udp.port": "53",
- "udp.port": "33202",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "348"
- },
- "dns": {
- "dns.response_to": "32056",
- "dns.time": "0.071266000",
- "dns.id": "0x000004d1",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "120",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1617",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1191",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1191",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1191",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1191",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1191",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1191",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1191",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1191",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1191",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2514",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1218",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.155": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1726",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.155"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.155": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1922",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.155"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.151": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4820",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.151"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2567",
- "dns.resp.len": "4",
- "dns.a": "23.67.56.215"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.151": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2380",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.151"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.155": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "425",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.155"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "202",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:33:22.349285000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508492002.349285000",
- "frame.time_delta": "0.837648000",
- "frame.time_delta_displayed": "629.376905000",
- "frame.time_relative": "34289.944081000",
- "frame.number": "32626",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000f99e",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000bf1b",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "52881",
- "udp.dstport": "53",
- "udp.port": "52881",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000f1d9",
- "udp.checksum.status": "2",
- "udp.stream": "352"
- },
- "dns": {
- "dns.response_in": "32627",
- "dns.id": "0x000004d2",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:33:22.351230000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508492002.351230000",
- "frame.time_delta": "0.001945000",
- "frame.time_delta_displayed": "0.001945000",
- "frame.time_relative": "34289.946026000",
- "frame.number": "32627",
- "frame.len": "137",
- "frame.cap_len": "137",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "123",
- "ip.id": "0x0000ba2d",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000fe52",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "52881",
- "udp.port": "53",
- "udp.port": "52881",
- "udp.length": "103",
- "udp.checksum": "0x0000826a",
- "udp.checksum.status": "2",
- "udp.stream": "352"
- },
- "dns": {
- "dns.response_to": "32626",
- "dns.time": "0.001945000",
- "dns.id": "0x000004d2",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "1",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "6",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3220",
- "dns.resp.len": "46",
- "dns.soa.mname": "ns1.ext.philips.com",
- "dns.soa.rname": "ddi-authority.philips.com",
- "dns.soa.serial_number": "387",
- "dns.soa.refresh_interval": "1200",
- "dns.soa.retry_interval": "300",
- "dns.soa.expire_limit": "1209600",
- "dns.soa.mininum_ttl": "3600"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:33:22.352051000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508492002.352051000",
- "frame.time_delta": "0.000821000",
- "frame.time_delta_displayed": "0.000821000",
- "frame.time_relative": "34289.946847000",
- "frame.number": "32628",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000f99f",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000bf1a",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "43337",
- "udp.dstport": "53",
- "udp.port": "43337",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00003221",
- "udp.checksum.status": "2",
- "udp.stream": "353"
- },
- "dns": {
- "dns.response_in": "32629",
- "dns.id": "0x000004d3",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:33:22.392543000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508492002.392543000",
- "frame.time_delta": "0.040492000",
- "frame.time_delta_displayed": "0.040492000",
- "frame.time_relative": "34289.987339000",
- "frame.number": "32629",
- "frame.len": "285",
- "frame.cap_len": "285",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "271",
- "ip.id": "0x0000ba30",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000fdbb",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "43337",
- "udp.port": "53",
- "udp.port": "43337",
- "udp.length": "251",
- "udp.checksum": "0x000082fe",
- "udp.checksum.status": "2",
- "udp.stream": "353"
- },
- "dns": {
- "dns.response_to": "32628",
- "dns.time": "0.040492000",
- "dns.id": "0x000004d3",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "6",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3220",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1411",
- "dns.resp.len": "10",
- "dns.ns": "ns3.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1411",
- "dns.resp.len": "6",
- "dns.ns": "ns2.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1411",
- "dns.resp.len": "6",
- "dns.ns": "ns1.ext.philips.com"
- }
- },
- "Additional records": {
- "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "171851",
- "dns.resp.len": "4",
- "dns.a": "57.67.40.20"
- },
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "142774",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "142774",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "161029",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "32751",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "32751",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:33:22.810223000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508492002.810223000",
- "frame.time_delta": "0.001028000",
- "frame.time_delta_displayed": "0.417680000",
- "frame.time_relative": "34290.405019000",
- "frame.number": "32645",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000f9af",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000bf0a",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "54367",
- "udp.dstport": "53",
- "udp.port": "54367",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000ec09",
- "udp.checksum.status": "2",
- "udp.stream": "354"
- },
- "dns": {
- "dns.response_in": "32646",
- "dns.id": "0x000004d4",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:33:22.810817000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508492002.810817000",
- "frame.time_delta": "0.000594000",
- "frame.time_delta_displayed": "0.000594000",
- "frame.time_relative": "34290.405613000",
- "frame.number": "32646",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000ba35",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000fe84",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "54367",
- "udp.port": "53",
- "udp.port": "54367",
- "udp.length": "45",
- "udp.checksum": "0x00008230",
- "udp.checksum.status": "2",
- "udp.stream": "354"
- },
- "dns": {
- "dns.response_to": "32645",
- "dns.time": "0.000594000",
- "dns.id": "0x000004d4",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:33:22.811626000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508492002.811626000",
- "frame.time_delta": "0.000809000",
- "frame.time_delta_displayed": "0.000809000",
- "frame.time_relative": "34290.406422000",
- "frame.number": "32647",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000f9b0",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000bf09",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "39432",
- "udp.dstport": "53",
- "udp.port": "39432",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00004160",
- "udp.checksum.status": "2",
- "udp.stream": "355"
- },
- "dns": {
- "dns.response_in": "32648",
- "dns.id": "0x000004d5",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:33:22.812191000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508492002.812191000",
- "frame.time_delta": "0.000565000",
- "frame.time_delta_displayed": "0.000565000",
- "frame.time_relative": "34290.406987000",
- "frame.number": "32648",
- "frame.len": "95",
- "frame.cap_len": "95",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "81",
- "ip.id": "0x0000ba36",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000fe73",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "39432",
- "udp.port": "53",
- "udp.port": "39432",
- "udp.length": "61",
- "udp.checksum": "0x00008240",
- "udp.checksum.status": "2",
- "udp.stream": "355"
- },
- "dns": {
- "dns.response_to": "32647",
- "dns.time": "0.000565000",
- "dns.id": "0x000004d5",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3220",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:37:53.011030000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508492273.011030000",
- "frame.time_delta": "0.622307000",
- "frame.time_delta_displayed": "270.198839000",
- "frame.time_relative": "34560.605826000",
- "frame.number": "32884",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000400c",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000078b1",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "44772",
- "udp.dstport": "53",
- "udp.port": "44772",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000a9fd",
- "udp.checksum.status": "2",
- "udp.stream": "356"
- },
- "dns": {
- "dns.response_in": "32885",
- "dns.id": "0x000004d6",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:37:53.016866000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508492273.016866000",
- "frame.time_delta": "0.005836000",
- "frame.time_delta_displayed": "0.005836000",
- "frame.time_relative": "34560.611662000",
- "frame.number": "32885",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000c41b",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000f2ec",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "44772",
- "udp.port": "53",
- "udp.port": "44772",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "356"
- },
- "dns": {
- "dns.response_to": "32884",
- "dns.time": "0.005836000",
- "dns.id": "0x000004d6",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "143",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2357",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "373",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "373",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "373",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "373",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "373",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "373",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "373",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "373",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "373",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3904",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4443",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.154"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7217",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.175"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3284",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.174"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1690",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.175"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4243",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.150"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3827",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.154"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5929",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3376",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:52:53.027071000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508493173.027071000",
- "frame.time_delta": "3.719993000",
- "frame.time_delta_displayed": "900.010205000",
- "frame.time_relative": "35460.621867000",
- "frame.number": "33758",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x000044d0",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000073ed",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "54661",
- "udp.dstport": "53",
- "udp.port": "54661",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000835b",
- "udp.checksum.status": "2",
- "udp.stream": "360"
- },
- "dns": {
- "dns.response_in": "33759",
- "dns.id": "0x000004d7",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 02:52:53.101742000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508493173.101742000",
- "frame.time_delta": "0.074671000",
- "frame.time_delta_displayed": "0.074671000",
- "frame.time_relative": "35460.696538000",
- "frame.number": "33759",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000f93b",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000bdcc",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "54661",
- "udp.port": "53",
- "udp.port": "54661",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "360"
- },
- "dns": {
- "dns.response_to": "33758",
- "dns.time": "0.074671000",
- "dns.id": "0x000004d7",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "300",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1457",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3473",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3473",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3473",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3473",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3473",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3473",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3473",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3473",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3473",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3004",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3543",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.154"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6317",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.175"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2384",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.174"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "790",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.175"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3343",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.150"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2927",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.154"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5029",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2476",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:07:53.107570000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508494073.107570000",
- "frame.time_delta": "7.786097000",
- "frame.time_delta_displayed": "900.005828000",
- "frame.time_relative": "36360.702366000",
- "frame.number": "34517",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000f210",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000c6ac",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "49914",
- "udp.dstport": "53",
- "udp.port": "49914",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x000095e5",
- "udp.checksum.status": "2",
- "udp.stream": "368"
- },
- "dns": {
- "dns.response_in": "34518",
- "dns.id": "0x000004d8",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:07:53.114086000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508494073.114086000",
- "frame.time_delta": "0.006516000",
- "frame.time_delta_displayed": "0.006516000",
- "frame.time_relative": "36360.708882000",
- "frame.number": "34518",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000cccb",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000ea3c",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "49914",
- "udp.port": "53",
- "udp.port": "49914",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "368"
- },
- "dns": {
- "dns.response_to": "34517",
- "dns.time": "0.006516000",
- "dns.id": "0x000004d8",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "143",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "557",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2573",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2573",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2573",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2573",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2573",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2573",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2573",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2573",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2573",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2104",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2643",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.154"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5417",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.175"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1484",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.174"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5891",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.225"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2443",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.150"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2027",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.154"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4129",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1576",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:22:53.123990000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508494973.123990000",
- "frame.time_delta": "1.660357000",
- "frame.time_delta_displayed": "900.009904000",
- "frame.time_relative": "37260.718786000",
- "frame.number": "35283",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x000001f8",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000b6c5",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "44922",
- "udp.dstport": "53",
- "udp.port": "44922",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000a964",
- "udp.checksum.status": "2",
- "udp.stream": "372"
- },
- "dns": {
- "dns.response_in": "35284",
- "dns.id": "0x000004d9",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:22:53.134103000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508494973.134103000",
- "frame.time_delta": "0.010113000",
- "frame.time_delta_displayed": "0.010113000",
- "frame.time_relative": "37260.728899000",
- "frame.number": "35284",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x000006d5",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000b033",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "44922",
- "udp.port": "53",
- "udp.port": "44922",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "372"
- },
- "dns": {
- "dns.response_to": "35283",
- "dns.time": "0.010113000",
- "dns.id": "0x000004d9",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "144",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "21444",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1673",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1673",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1673",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1673",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1673",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1673",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1673",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1673",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1673",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1204",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1743",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.154"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4517",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.175"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "584",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.174"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4991",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.225"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1543",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.150"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1127",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.154"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3229",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "676",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:33:22.916241000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508495602.916241000",
- "frame.time_delta": "3.559096000",
- "frame.time_delta_displayed": "629.782138000",
- "frame.time_relative": "37890.511037000",
- "frame.number": "35811",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00007ba1",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00003d19",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "49663",
- "udp.dstport": "53",
- "udp.port": "49663",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000fe63",
- "udp.checksum.status": "2",
- "udp.stream": "376"
- },
- "dns": {
- "dns.response_in": "35812",
- "dns.id": "0x000004da",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:33:22.918183000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508495602.918183000",
- "frame.time_delta": "0.001942000",
- "frame.time_delta_displayed": "0.001942000",
- "frame.time_relative": "37890.512979000",
- "frame.number": "35812",
- "frame.len": "137",
- "frame.cap_len": "137",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "123",
- "ip.id": "0x0000d276",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000e609",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "49663",
- "udp.port": "53",
- "udp.port": "49663",
- "udp.length": "103",
- "udp.checksum": "0x0000826a",
- "udp.checksum.status": "2",
- "udp.stream": "376"
- },
- "dns": {
- "dns.response_to": "35811",
- "dns.time": "0.001942000",
- "dns.id": "0x000004da",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "1",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "6",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1787",
- "dns.resp.len": "46",
- "dns.soa.mname": "ns1.ext.philips.com",
- "dns.soa.rname": "ddi-authority.philips.com",
- "dns.soa.serial_number": "387",
- "dns.soa.refresh_interval": "1200",
- "dns.soa.retry_interval": "300",
- "dns.soa.expire_limit": "1209600",
- "dns.soa.mininum_ttl": "3600"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:33:22.920557000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508495602.920557000",
- "frame.time_delta": "0.002374000",
- "frame.time_delta_displayed": "0.002374000",
- "frame.time_relative": "37890.515353000",
- "frame.number": "35813",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00007ba2",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00003d18",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "33688",
- "udp.dstport": "53",
- "udp.port": "33688",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x000057ca",
- "udp.checksum.status": "2",
- "udp.stream": "377"
- },
- "dns": {
- "dns.response_in": "35814",
- "dns.id": "0x000004db",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:33:22.922284000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508495602.922284000",
- "frame.time_delta": "0.001727000",
- "frame.time_delta_displayed": "0.001727000",
- "frame.time_relative": "37890.517080000",
- "frame.number": "35814",
- "frame.len": "285",
- "frame.cap_len": "285",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "271",
- "ip.id": "0x0000d277",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000e574",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "33688",
- "udp.port": "53",
- "udp.port": "33688",
- "udp.length": "251",
- "udp.checksum": "0x000082fe",
- "udp.checksum.status": "2",
- "udp.stream": "377"
- },
- "dns": {
- "dns.response_to": "35813",
- "dns.time": "0.001727000",
- "dns.id": "0x000004db",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "6",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2989",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1787",
- "dns.resp.len": "10",
- "dns.ns": "ns3.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1787",
- "dns.resp.len": "6",
- "dns.ns": "ns1.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1787",
- "dns.resp.len": "6",
- "dns.ns": "ns2.ext.philips.com"
- }
- },
- "Additional records": {
- "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "119008",
- "dns.resp.len": "4",
- "dns.a": "57.67.40.20"
- },
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "143726",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "143726",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "122627",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "115200",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "115200",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:33:23.341511000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508495603.341511000",
- "frame.time_delta": "0.001324000",
- "frame.time_delta_displayed": "0.419227000",
- "frame.time_relative": "37890.936307000",
- "frame.number": "35830",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00007bba",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00003d00",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "36096",
- "udp.dstport": "53",
- "udp.port": "36096",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00003361",
- "udp.checksum.status": "2",
- "udp.stream": "378"
- },
- "dns": {
- "dns.response_in": "35831",
- "dns.id": "0x000004dc",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:33:23.341806000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508495603.341806000",
- "frame.time_delta": "0.000295000",
- "frame.time_delta_displayed": "0.000295000",
- "frame.time_relative": "37890.936602000",
- "frame.number": "35831",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000d284",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000e635",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "36096",
- "udp.port": "53",
- "udp.port": "36096",
- "udp.length": "45",
- "udp.checksum": "0x00008230",
- "udp.checksum.status": "2",
- "udp.stream": "378"
- },
- "dns": {
- "dns.response_to": "35830",
- "dns.time": "0.000295000",
- "dns.id": "0x000004dc",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:33:23.342577000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508495603.342577000",
- "frame.time_delta": "0.000771000",
- "frame.time_delta_displayed": "0.000771000",
- "frame.time_relative": "37890.937373000",
- "frame.number": "35832",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00007bbb",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00003cff",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "49358",
- "udp.dstport": "53",
- "udp.port": "49358",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00001a92",
- "udp.checksum.status": "2",
- "udp.stream": "379"
- },
- "dns": {
- "dns.response_in": "35833",
- "dns.id": "0x000004dd",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:33:23.342908000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508495603.342908000",
- "frame.time_delta": "0.000331000",
- "frame.time_delta_displayed": "0.000331000",
- "frame.time_relative": "37890.937704000",
- "frame.number": "35833",
- "frame.len": "95",
- "frame.cap_len": "95",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "81",
- "ip.id": "0x0000d285",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000e624",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "49358",
- "udp.port": "53",
- "udp.port": "49358",
- "udp.length": "61",
- "udp.checksum": "0x00008240",
- "udp.checksum.status": "2",
- "udp.stream": "379"
- },
- "dns": {
- "dns.response_to": "35832",
- "dns.time": "0.000331000",
- "dns.id": "0x000004dd",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2988",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:37:53.142390000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508495873.142390000",
- "frame.time_delta": "3.770169000",
- "frame.time_delta_displayed": "269.799482000",
- "frame.time_relative": "38160.737186000",
- "frame.number": "36053",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000d08e",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000e82e",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "36775",
- "udp.dstport": "53",
- "udp.port": "36775",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000c932",
- "udp.checksum.status": "2",
- "udp.stream": "380"
- },
- "dns": {
- "dns.response_in": "36054",
- "dns.id": "0x000004de",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:37:53.148990000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508495873.148990000",
- "frame.time_delta": "0.006600000",
- "frame.time_delta_displayed": "0.006600000",
- "frame.time_relative": "38160.743786000",
- "frame.number": "36054",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000fff7",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000b710",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "36775",
- "udp.port": "53",
- "udp.port": "36775",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "380"
- },
- "dns": {
- "dns.response_to": "36053",
- "dns.time": "0.006600000",
- "dns.id": "0x000004de",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "144",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20544",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "773",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "773",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "773",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "773",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "773",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "773",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "773",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "773",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "773",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "304",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "843",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.154"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3617",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.175"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3691",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.108"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4091",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.225"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "643",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.150"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "227",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.154"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2329",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5779",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:52:53.157944000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508496773.157944000",
- "frame.time_delta": "0.549528000",
- "frame.time_delta_displayed": "900.008954000",
- "frame.time_relative": "39060.752740000",
- "frame.number": "36810",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000fe35",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000ba87",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "58619",
- "udp.dstport": "53",
- "udp.port": "58619",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x000073dd",
- "udp.checksum.status": "2",
- "udp.stream": "384"
- },
- "dns": {
- "dns.response_in": "36811",
- "dns.id": "0x000004df",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 03:52:53.164664000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508496773.164664000",
- "frame.time_delta": "0.006720000",
- "frame.time_delta_displayed": "0.006720000",
- "frame.time_relative": "39060.759460000",
- "frame.number": "36811",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00004af7",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00006c11",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "58619",
- "udp.port": "53",
- "udp.port": "58619",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "384"
- },
- "dns": {
- "dns.response_to": "36810",
- "dns.time": "0.006720000",
- "dns.id": "0x000004df",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "144",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "19644",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3873",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3873",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3873",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3873",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3873",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3873",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3873",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3873",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3873",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3407",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7948",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.173"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2717",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.175"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2791",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.108"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3191",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.225"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.218": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7745",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.218"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3330",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.131"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1429",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4879",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:07:53.171491000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508497673.171491000",
- "frame.time_delta": "3.380707000",
- "frame.time_delta_displayed": "900.006827000",
- "frame.time_relative": "39960.766287000",
- "frame.number": "37558",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00001426",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000a497",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "46109",
- "udp.dstport": "53",
- "udp.port": "46109",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000a4ba",
- "udp.checksum.status": "2",
- "udp.stream": "388"
- },
- "dns": {
- "dns.response_in": "37559",
- "dns.id": "0x000004e0",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:07:53.178025000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508497673.178025000",
- "frame.time_delta": "0.006534000",
- "frame.time_delta_displayed": "0.006534000",
- "frame.time_relative": "39960.772821000",
- "frame.number": "37559",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000d1c0",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000e547",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "46109",
- "udp.port": "53",
- "udp.port": "46109",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "388"
- },
- "dns": {
- "dns.response_to": "37558",
- "dns.time": "0.006534000",
- "dns.id": "0x000004e0",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "121",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "16919",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2890",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2890",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2890",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2890",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2890",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2890",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2890",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2890",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2890",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "220",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2919",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.233"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3429",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3625",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.108"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4526",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.217"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4270",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.223"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 209.18.46.221": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "83",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.221"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "127",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.108"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5928",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:22:53.188284000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508498573.188284000",
- "frame.time_delta": "2.605383000",
- "frame.time_delta_displayed": "900.010259000",
- "frame.time_relative": "40860.783080000",
- "frame.number": "38342",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00001f18",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000099a5",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "55484",
- "udp.dstport": "53",
- "udp.port": "55484",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000801a",
- "udp.checksum.status": "2",
- "udp.stream": "397"
- },
- "dns": {
- "dns.response_in": "38343",
- "dns.id": "0x000004e1",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:22:53.198461000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508498573.198461000",
- "frame.time_delta": "0.010177000",
- "frame.time_delta_displayed": "0.010177000",
- "frame.time_relative": "40860.793257000",
- "frame.number": "38343",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00000c8c",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000aa7c",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "55484",
- "udp.port": "53",
- "udp.port": "55484",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "397"
- },
- "dns": {
- "dns.response_to": "38342",
- "dns.time": "0.010177000",
- "dns.id": "0x000004e1",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "121",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "16019",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1990",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1990",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1990",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1990",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1990",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1990",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1990",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1990",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1990",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3326",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2019",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.233"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2529",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2725",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.108"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3626",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.217"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3370",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.223"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3208",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.232"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5231",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.173"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5028",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:33:23.646883000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508499203.646883000",
- "frame.time_delta": "3.475755000",
- "frame.time_delta_displayed": "630.448422000",
- "frame.time_relative": "41491.241679000",
- "frame.number": "38816",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000984f",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000206b",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "49413",
- "udp.dstport": "53",
- "udp.port": "49413",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000ff55",
- "udp.checksum.status": "2",
- "udp.stream": "398"
- },
- "dns": {
- "dns.response_in": "38817",
- "dns.id": "0x000004e2",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:33:23.648923000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508499203.648923000",
- "frame.time_delta": "0.002040000",
- "frame.time_delta_displayed": "0.002040000",
- "frame.time_relative": "41491.243719000",
- "frame.number": "38817",
- "frame.len": "137",
- "frame.cap_len": "137",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "123",
- "ip.id": "0x000050e3",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000679d",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "49413",
- "udp.port": "53",
- "udp.port": "49413",
- "udp.length": "103",
- "udp.checksum": "0x0000826a",
- "udp.checksum.status": "2",
- "udp.stream": "398"
- },
- "dns": {
- "dns.response_to": "38816",
- "dns.time": "0.002040000",
- "dns.id": "0x000004e2",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "1",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "6",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "46",
- "dns.soa.mname": "ns1.ext.philips.com",
- "dns.soa.rname": "ddi-authority.philips.com",
- "dns.soa.serial_number": "387",
- "dns.soa.refresh_interval": "1200",
- "dns.soa.retry_interval": "300",
- "dns.soa.expire_limit": "1209600",
- "dns.soa.mininum_ttl": "3600"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:33:23.651769000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508499203.651769000",
- "frame.time_delta": "0.002846000",
- "frame.time_delta_displayed": "0.002846000",
- "frame.time_relative": "41491.246565000",
- "frame.number": "38818",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00009850",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000206a",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "36635",
- "udp.dstport": "53",
- "udp.port": "36635",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00004c3f",
- "udp.checksum.status": "2",
- "udp.stream": "399"
- },
- "dns": {
- "dns.response_in": "38819",
- "dns.id": "0x000004e3",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:33:23.653376000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508499203.653376000",
- "frame.time_delta": "0.001607000",
- "frame.time_delta_displayed": "0.001607000",
- "frame.time_relative": "41491.248172000",
- "frame.number": "38819",
- "frame.len": "285",
- "frame.cap_len": "285",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "271",
- "ip.id": "0x000050e4",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00006708",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "36635",
- "udp.port": "53",
- "udp.port": "36635",
- "udp.length": "251",
- "udp.checksum": "0x000082fe",
- "udp.checksum.status": "2",
- "udp.stream": "399"
- },
- "dns": {
- "dns.response_to": "38818",
- "dns.time": "0.001607000",
- "dns.id": "0x000004e3",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "6",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2989",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "10",
- "dns.ns": "ns1.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "6",
- "dns.ns": "ns2.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1786",
- "dns.resp.len": "6",
- "dns.ns": "ns3.ext.philips.com"
- }
- },
- "Additional records": {
- "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "115407",
- "dns.resp.len": "4",
- "dns.a": "57.67.40.20"
- },
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "140125",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "140125",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "119026",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "111599",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "111599",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:33:24.064209000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508499204.064209000",
- "frame.time_delta": "0.000887000",
- "frame.time_delta_displayed": "0.410833000",
- "frame.time_relative": "41491.659005000",
- "frame.number": "38835",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00009876",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00002044",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "44523",
- "udp.dstport": "53",
- "udp.port": "44523",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000126e",
- "udp.checksum.status": "2",
- "udp.stream": "400"
- },
- "dns": {
- "dns.response_in": "38836",
- "dns.id": "0x000004e4",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:33:24.064806000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508499204.064806000",
- "frame.time_delta": "0.000597000",
- "frame.time_delta_displayed": "0.000597000",
- "frame.time_relative": "41491.659602000",
- "frame.number": "38836",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00005106",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000067b4",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "44523",
- "udp.port": "53",
- "udp.port": "44523",
- "udp.length": "45",
- "udp.checksum": "0x00008230",
- "udp.checksum.status": "2",
- "udp.stream": "400"
- },
- "dns": {
- "dns.response_to": "38835",
- "dns.time": "0.000597000",
- "dns.id": "0x000004e4",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:33:24.065754000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508499204.065754000",
- "frame.time_delta": "0.000948000",
- "frame.time_delta_displayed": "0.000948000",
- "frame.time_relative": "41491.660550000",
- "frame.number": "38837",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00009877",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00002043",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "44144",
- "udp.dstport": "53",
- "udp.port": "44144",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00002ee8",
- "udp.checksum.status": "2",
- "udp.stream": "401"
- },
- "dns": {
- "dns.response_in": "38838",
- "dns.id": "0x000004e5",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:33:24.066174000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508499204.066174000",
- "frame.time_delta": "0.000420000",
- "frame.time_delta_displayed": "0.000420000",
- "frame.time_relative": "41491.660970000",
- "frame.number": "38838",
- "frame.len": "95",
- "frame.cap_len": "95",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "81",
- "ip.id": "0x00005107",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000067a3",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "44144",
- "udp.port": "53",
- "udp.port": "44144",
- "udp.length": "61",
- "udp.checksum": "0x00008240",
- "udp.checksum.status": "2",
- "udp.stream": "401"
- },
- "dns": {
- "dns.response_to": "38837",
- "dns.time": "0.000420000",
- "dns.id": "0x000004e5",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2988",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:37:53.206495000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508499473.206495000",
- "frame.time_delta": "0.549295000",
- "frame.time_delta_displayed": "269.140321000",
- "frame.time_relative": "41760.801291000",
- "frame.number": "39097",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000dbe6",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000dcd6",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "45662",
- "udp.dstport": "53",
- "udp.port": "45662",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000a673",
- "udp.checksum.status": "2",
- "udp.stream": "405"
- },
- "dns": {
- "dns.response_in": "39098",
- "dns.id": "0x000004e6",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:37:53.212525000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508499473.212525000",
- "frame.time_delta": "0.006030000",
- "frame.time_delta_displayed": "0.006030000",
- "frame.time_relative": "41760.807321000",
- "frame.number": "39098",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000808b",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000367d",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "45662",
- "udp.port": "53",
- "udp.port": "45662",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "405"
- },
- "dns": {
- "dns.response_to": "39097",
- "dns.time": "0.006030000",
- "dns.id": "0x000004e6",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "121",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "15119",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1090",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1090",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1090",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1090",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1090",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1090",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1090",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1090",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1090",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2426",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1119",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.233"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1629",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1825",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.108"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2726",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.217"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2470",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.223"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2308",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.232"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4331",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.173"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4128",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:52:53.219299000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508500373.219299000",
- "frame.time_delta": "3.495831000",
- "frame.time_delta_displayed": "900.006774000",
- "frame.time_relative": "42660.814095000",
- "frame.number": "39806",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00005dbd",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00005b00",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "40448",
- "udp.dstport": "53",
- "udp.port": "40448",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000bad0",
- "udp.checksum.status": "2",
- "udp.stream": "409"
- },
- "dns": {
- "dns.response_in": "39807",
- "dns.id": "0x000004e7",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 04:52:53.225624000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508500373.225624000",
- "frame.time_delta": "0.006325000",
- "frame.time_delta_displayed": "0.006325000",
- "frame.time_relative": "42660.820420000",
- "frame.number": "39807",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000ac16",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00000af2",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "40448",
- "udp.port": "53",
- "udp.port": "40448",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "409"
- },
- "dns": {
- "dns.response_to": "39806",
- "dns.time": "0.006325000",
- "dns.id": "0x000004e7",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "122",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "14219",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "190",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "190",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "190",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "190",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "190",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "190",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "190",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "190",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "190",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1526",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "219",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.233"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "729",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "925",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.108"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1826",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.217"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1570",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.223"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1408",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.232"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3431",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.173"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3228",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:07:53.234776000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508501273.234776000",
- "frame.time_delta": "0.078020000",
- "frame.time_delta_displayed": "900.009152000",
- "frame.time_relative": "43560.829572000",
- "frame.number": "40624",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00006faa",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00004913",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "56663",
- "udp.dstport": "53",
- "udp.port": "56663",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x00007b78",
- "udp.checksum.status": "2",
- "udp.stream": "410"
- },
- "dns": {
- "dns.response_in": "40625",
- "dns.id": "0x000004e8",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:07:53.240805000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508501273.240805000",
- "frame.time_delta": "0.006029000",
- "frame.time_delta_displayed": "0.006029000",
- "frame.time_relative": "43560.835601000",
- "frame.number": "40625",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000456f",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00007199",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "56663",
- "udp.port": "53",
- "udp.port": "56663",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "410"
- },
- "dns": {
- "dns.response_to": "40624",
- "dns.time": "0.006029000",
- "dns.id": "0x000004e8",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "122",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "13319",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3298",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3298",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3298",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3298",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3298",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3298",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3298",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3298",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3298",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "626",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7320",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7830",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "25",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.108"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "926",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.217"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "670",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.223"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "508",
- "dns.resp.len": "4",
- "dns.a": "173.197.192.232"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2531",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.173"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2328",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:22:53.251101000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508502173.251101000",
- "frame.time_delta": "2.791011000",
- "frame.time_delta_displayed": "900.010296000",
- "frame.time_relative": "44460.845897000",
- "frame.number": "41391",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000c79b",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000f121",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "47619",
- "udp.dstport": "53",
- "udp.port": "47619",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x00009ecb",
- "udp.checksum.status": "2",
- "udp.stream": "417"
- },
- "dns": {
- "dns.response_in": "41392",
- "dns.id": "0x000004e9",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:22:53.257780000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508502173.257780000",
- "frame.time_delta": "0.006679000",
- "frame.time_delta_displayed": "0.006679000",
- "frame.time_relative": "44460.852576000",
- "frame.number": "41392",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00002ab8",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00008c50",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "47619",
- "udp.port": "53",
- "udp.port": "47619",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "417"
- },
- "dns": {
- "dns.response_to": "41391",
- "dns.time": "0.006679000",
- "dns.id": "0x000004e9",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "122",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "12419",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2398",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2398",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2398",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2398",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2398",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2398",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2398",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2398",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2398",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3749",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6420",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6930",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.133": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3133",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.133"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "26",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.217"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7774",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3612",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.150"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1631",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.173"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1428",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:33:22.354168000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508502802.354168000",
- "frame.time_delta": "7.493030000",
- "frame.time_delta_displayed": "629.096388000",
- "frame.time_relative": "45089.948964000",
- "frame.number": "41927",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00004173",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00007747",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "36484",
- "udp.dstport": "53",
- "udp.port": "36484",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x000031cf",
- "udp.checksum.status": "2",
- "udp.stream": "422"
- },
- "dns": {
- "dns.response_in": "41928",
- "dns.id": "0x000004ea",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:33:22.356157000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508502802.356157000",
- "frame.time_delta": "0.001989000",
- "frame.time_delta_displayed": "0.001989000",
- "frame.time_relative": "45089.950953000",
- "frame.number": "41928",
- "frame.len": "137",
- "frame.cap_len": "137",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "123",
- "ip.id": "0x00009f4a",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00001936",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "36484",
- "udp.port": "53",
- "udp.port": "36484",
- "udp.length": "103",
- "udp.checksum": "0x0000826a",
- "udp.checksum.status": "2",
- "udp.stream": "422"
- },
- "dns": {
- "dns.response_to": "41927",
- "dns.time": "0.001989000",
- "dns.id": "0x000004ea",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "1",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "6",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1",
- "dns.resp.len": "46",
- "dns.soa.mname": "ns1.ext.philips.com",
- "dns.soa.rname": "ddi-authority.philips.com",
- "dns.soa.serial_number": "387",
- "dns.soa.refresh_interval": "1200",
- "dns.soa.retry_interval": "300",
- "dns.soa.expire_limit": "1209600",
- "dns.soa.mininum_ttl": "3600"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:33:22.357016000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508502802.357016000",
- "frame.time_delta": "0.000859000",
- "frame.time_delta_displayed": "0.000859000",
- "frame.time_relative": "45089.951812000",
- "frame.number": "41929",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00004174",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00007746",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "37527",
- "udp.dstport": "53",
- "udp.port": "37527",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x000048bb",
- "udp.checksum.status": "2",
- "udp.stream": "423"
- },
- "dns": {
- "dns.response_in": "41930",
- "dns.id": "0x000004eb",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:33:22.358502000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508502802.358502000",
- "frame.time_delta": "0.001486000",
- "frame.time_delta_displayed": "0.001486000",
- "frame.time_relative": "45089.953298000",
- "frame.number": "41930",
- "frame.len": "285",
- "frame.cap_len": "285",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "271",
- "ip.id": "0x00009f4b",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000018a1",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "37527",
- "udp.port": "53",
- "udp.port": "37527",
- "udp.length": "251",
- "udp.checksum": "0x000082fe",
- "udp.checksum.status": "2",
- "udp.stream": "423"
- },
- "dns": {
- "dns.response_to": "41929",
- "dns.time": "0.001486000",
- "dns.id": "0x000004eb",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "6",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "413",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2799",
- "dns.resp.len": "10",
- "dns.ns": "ns2.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2799",
- "dns.resp.len": "6",
- "dns.ns": "ns3.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2799",
- "dns.resp.len": "6",
- "dns.ns": "ns1.ext.philips.com"
- }
- },
- "Additional records": {
- "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "161051",
- "dns.resp.len": "4",
- "dns.a": "57.67.40.20"
- },
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "131974",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "131974",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "150229",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "21951",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "21951",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:33:22.769938000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508502802.769938000",
- "frame.time_delta": "0.000959000",
- "frame.time_delta_displayed": "0.411436000",
- "frame.time_relative": "45090.364734000",
- "frame.number": "41946",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000418a",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00007730",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "35698",
- "udp.dstport": "53",
- "udp.port": "35698",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x000034df",
- "udp.checksum.status": "2",
- "udp.stream": "424"
- },
- "dns": {
- "dns.response_in": "41947",
- "dns.id": "0x000004ec",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:33:22.770497000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508502802.770497000",
- "frame.time_delta": "0.000559000",
- "frame.time_delta_displayed": "0.000559000",
- "frame.time_relative": "45090.365293000",
- "frame.number": "41947",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00009f51",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00001969",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "35698",
- "udp.port": "53",
- "udp.port": "35698",
- "udp.length": "45",
- "udp.checksum": "0x00008230",
- "udp.checksum.status": "2",
- "udp.stream": "424"
- },
- "dns": {
- "dns.response_to": "41946",
- "dns.time": "0.000559000",
- "dns.id": "0x000004ec",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:33:22.771306000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508502802.771306000",
- "frame.time_delta": "0.000809000",
- "frame.time_delta_displayed": "0.000809000",
- "frame.time_relative": "45090.366102000",
- "frame.number": "41948",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000418b",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000772f",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "59480",
- "udp.dstport": "53",
- "udp.port": "59480",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000f2f7",
- "udp.checksum.status": "2",
- "udp.stream": "425"
- },
- "dns": {
- "dns.response_in": "41949",
- "dns.id": "0x000004ed",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:33:22.771826000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508502802.771826000",
- "frame.time_delta": "0.000520000",
- "frame.time_delta_displayed": "0.000520000",
- "frame.time_relative": "45090.366622000",
- "frame.number": "41949",
- "frame.len": "95",
- "frame.cap_len": "95",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "81",
- "ip.id": "0x00009f52",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00001958",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "59480",
- "udp.port": "53",
- "udp.port": "59480",
- "udp.length": "61",
- "udp.checksum": "0x00008240",
- "udp.checksum.status": "2",
- "udp.stream": "425"
- },
- "dns": {
- "dns.response_to": "41948",
- "dns.time": "0.000520000",
- "dns.id": "0x000004ed",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "413",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:37:53.266045000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508503073.266045000",
- "frame.time_delta": "2.473971000",
- "frame.time_delta_displayed": "270.494219000",
- "frame.time_relative": "45360.860841000",
- "frame.number": "42165",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00006f25",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00004998",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "45073",
- "udp.dstport": "53",
- "udp.port": "45073",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000a8b8",
- "udp.checksum.status": "2",
- "udp.stream": "426"
- },
- "dns": {
- "dns.response_in": "42166",
- "dns.id": "0x000004ee",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:37:53.344536000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508503073.344536000",
- "frame.time_delta": "0.078491000",
- "frame.time_delta_displayed": "0.078491000",
- "frame.time_relative": "45360.939332000",
- "frame.number": "42166",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000a957",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00000db1",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "45073",
- "udp.port": "53",
- "udp.port": "45073",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "426"
- },
- "dns": {
- "dns.response_to": "42165",
- "dns.time": "0.078491000",
- "dns.id": "0x000004ee",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "300",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "13344",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1573",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1573",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1573",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1573",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1573",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1573",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1573",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1573",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1573",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1109",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1648",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.173"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4418",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.131"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "492",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.223"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2893",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.225"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.218": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1445",
- "dns.resp.len": "4",
- "dns.a": "209.18.46.218"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.133": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1033",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.133"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1131",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.173"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4587",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:52:53.349738000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508503973.349738000",
- "frame.time_delta": "0.133221000",
- "frame.time_delta_displayed": "900.005202000",
- "frame.time_relative": "46260.944534000",
- "frame.number": "42899",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00003ed9",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000079e4",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "37008",
- "udp.dstport": "53",
- "udp.port": "37008",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000c838",
- "udp.checksum.status": "2",
- "udp.stream": "430"
- },
- "dns": {
- "dns.response_in": "42900",
- "dns.id": "0x000004ef",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 05:52:53.356337000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508503973.356337000",
- "frame.time_delta": "0.006599000",
- "frame.time_delta_displayed": "0.006599000",
- "frame.time_relative": "46260.951133000",
- "frame.number": "42900",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000f284",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000c483",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "37008",
- "udp.port": "53",
- "udp.port": "37008",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "430"
- },
- "dns": {
- "dns.response_to": "42899",
- "dns.time": "0.006599000",
- "dns.id": "0x000004ef",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "123",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "10619",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "598",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "598",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "598",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "598",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "598",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "598",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "598",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "598",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "598",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1949",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4620",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5130",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.133": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1333",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.133"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4233",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.157"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5974",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1812",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.150"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5834",
- "dns.resp.len": "4",
- "dns.a": "165.254.157.167"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5629",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:07:53.361739000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508504873.361739000",
- "frame.time_delta": "3.522645000",
- "frame.time_delta_displayed": "900.005402000",
- "frame.time_relative": "47160.956535000",
- "frame.number": "43627",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00002003",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000098ba",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "32771",
- "udp.dstport": "53",
- "udp.port": "32771",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000d8c4",
- "udp.checksum.status": "2",
- "udp.stream": "434"
- },
- "dns": {
- "dns.response_in": "43628",
- "dns.id": "0x000004f0",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:07:53.369270000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508504873.369270000",
- "frame.time_delta": "0.007531000",
- "frame.time_delta_displayed": "0.007531000",
- "frame.time_relative": "47160.964066000",
- "frame.number": "43628",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000dd37",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000d9d0",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "32771",
- "udp.port": "53",
- "udp.port": "32771",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "434"
- },
- "dns": {
- "dns.response_to": "43627",
- "dns.time": "0.007531000",
- "dns.id": "0x000004f0",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "126",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "9719",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3700",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3700",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3700",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3700",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3700",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3700",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3700",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3700",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3700",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1049",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3720",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4230",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.133": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "433",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.133"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3333",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.157"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5074",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "912",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.150"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4934",
- "dns.resp.len": "4",
- "dns.a": "165.254.157.167"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4729",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:22:53.379501000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508505773.379501000",
- "frame.time_delta": "5.573394000",
- "frame.time_delta_displayed": "900.010231000",
- "frame.time_relative": "48060.974297000",
- "frame.number": "44377",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000ea56",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000ce66",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "47638",
- "udp.dstport": "53",
- "udp.port": "47638",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x00009eb0",
- "udp.checksum.status": "2",
- "udp.stream": "438"
- },
- "dns": {
- "dns.response_in": "44378",
- "dns.id": "0x000004f1",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:22:53.386242000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508505773.386242000",
- "frame.time_delta": "0.006741000",
- "frame.time_delta_displayed": "0.006741000",
- "frame.time_relative": "48060.981038000",
- "frame.number": "44378",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x000016a1",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000a067",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "47638",
- "udp.port": "53",
- "udp.port": "47638",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "438"
- },
- "dns": {
- "dns.response_to": "44377",
- "dns.time": "0.006741000",
- "dns.id": "0x000004f1",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "126",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "8819",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.27"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "184.84.242.42"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2800",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2800",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2800",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2800",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2800",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2800",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2800",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2800",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2800",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "149",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2820",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3330",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3537",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.192"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2433",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.157"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4174",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "12",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.150"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4034",
- "dns.resp.len": "4",
- "dns.a": "165.254.157.167"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3829",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:33:22.946788000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508506402.946788000",
- "frame.time_delta": "0.766058000",
- "frame.time_delta_displayed": "629.560546000",
- "frame.time_relative": "48690.541584000",
- "frame.number": "44868",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000bdc8",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000faf1",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "34522",
- "udp.dstport": "53",
- "udp.port": "34522",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00003971",
- "udp.checksum.status": "2",
- "udp.stream": "444"
- },
- "dns": {
- "dns.response_in": "44869",
- "dns.id": "0x000004f2",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:33:22.948908000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508506402.948908000",
- "frame.time_delta": "0.002120000",
- "frame.time_delta_displayed": "0.002120000",
- "frame.time_relative": "48690.543704000",
- "frame.number": "44869",
- "frame.len": "137",
- "frame.cap_len": "137",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "123",
- "ip.id": "0x00005bc7",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00005cb9",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "34522",
- "udp.port": "53",
- "udp.port": "34522",
- "udp.length": "103",
- "udp.checksum": "0x0000826a",
- "udp.checksum.status": "2",
- "udp.stream": "444"
- },
- "dns": {
- "dns.response_to": "44868",
- "dns.time": "0.002120000",
- "dns.id": "0x000004f2",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "1",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "6",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "413",
- "dns.resp.len": "46",
- "dns.soa.mname": "ns1.ext.philips.com",
- "dns.soa.rname": "ddi-authority.philips.com",
- "dns.soa.serial_number": "387",
- "dns.soa.refresh_interval": "1200",
- "dns.soa.retry_interval": "300",
- "dns.soa.expire_limit": "1209600",
- "dns.soa.mininum_ttl": "3600"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:33:22.950083000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508506402.950083000",
- "frame.time_delta": "0.001175000",
- "frame.time_delta_displayed": "0.001175000",
- "frame.time_relative": "48690.544879000",
- "frame.number": "44870",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000bdc9",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000faf0",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "33646",
- "udp.dstport": "53",
- "udp.port": "33646",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x000057dc",
- "udp.checksum.status": "2",
- "udp.stream": "445"
- },
- "dns": {
- "dns.response_in": "44871",
- "dns.id": "0x000004f3",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:33:22.951622000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508506402.951622000",
- "frame.time_delta": "0.001539000",
- "frame.time_delta_displayed": "0.001539000",
- "frame.time_relative": "48690.546418000",
- "frame.number": "44871",
- "frame.len": "285",
- "frame.cap_len": "285",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "271",
- "ip.id": "0x00005bc8",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00005c24",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "33646",
- "udp.port": "53",
- "udp.port": "33646",
- "udp.length": "251",
- "udp.checksum": "0x000082fe",
- "udp.checksum.status": "2",
- "udp.stream": "445"
- },
- "dns": {
- "dns.response_to": "44870",
- "dns.time": "0.001539000",
- "dns.id": "0x000004f3",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "6",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "413",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2799",
- "dns.resp.len": "10",
- "dns.ns": "ns1.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2799",
- "dns.resp.len": "6",
- "dns.ns": "ns3.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2799",
- "dns.resp.len": "6",
- "dns.ns": "ns2.ext.philips.com"
- }
- },
- "Additional records": {
- "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "157451",
- "dns.resp.len": "4",
- "dns.a": "57.67.40.20"
- },
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "128374",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "128374",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "146629",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "18351",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "18351",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:33:23.416488000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508506403.416488000",
- "frame.time_delta": "0.000964000",
- "frame.time_delta_displayed": "0.464866000",
- "frame.time_relative": "48691.011284000",
- "frame.number": "44887",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000bddb",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000fade",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "59813",
- "udp.dstport": "53",
- "udp.port": "59813",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000d6a3",
- "udp.checksum.status": "2",
- "udp.stream": "446"
- },
- "dns": {
- "dns.response_in": "44888",
- "dns.id": "0x000004f4",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:33:23.416961000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508506403.416961000",
- "frame.time_delta": "0.000473000",
- "frame.time_delta_displayed": "0.000473000",
- "frame.time_relative": "48691.011757000",
- "frame.number": "44888",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x00005bce",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00005cec",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "59813",
- "udp.port": "53",
- "udp.port": "59813",
- "udp.length": "45",
- "udp.checksum": "0x00008230",
- "udp.checksum.status": "2",
- "udp.stream": "446"
- },
- "dns": {
- "dns.response_to": "44887",
- "dns.time": "0.000473000",
- "dns.id": "0x000004f4",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:33:23.417890000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508506403.417890000",
- "frame.time_delta": "0.000929000",
- "frame.time_delta_displayed": "0.000929000",
- "frame.time_relative": "48691.012686000",
- "frame.number": "44889",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000bddc",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000fadd",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "44681",
- "udp.dstport": "53",
- "udp.port": "44681",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00002cbf",
- "udp.checksum.status": "2",
- "udp.stream": "447"
- },
- "dns": {
- "dns.response_in": "44890",
- "dns.id": "0x000004f5",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:33:23.418452000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508506403.418452000",
- "frame.time_delta": "0.000562000",
- "frame.time_delta_displayed": "0.000562000",
- "frame.time_relative": "48691.013248000",
- "frame.number": "44890",
- "frame.len": "95",
- "frame.cap_len": "95",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "81",
- "ip.id": "0x00005bcf",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00005cdb",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "44681",
- "udp.port": "53",
- "udp.port": "44681",
- "udp.length": "61",
- "udp.checksum": "0x00008240",
- "udp.checksum.status": "2",
- "udp.stream": "447"
- },
- "dns": {
- "dns.response_to": "44889",
- "dns.time": "0.000562000",
- "dns.id": "0x000004f5",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "412",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:37:53.397275000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508506673.397275000",
- "frame.time_delta": "0.977714000",
- "frame.time_delta_displayed": "269.978823000",
- "frame.time_relative": "48960.992071000",
- "frame.number": "45164",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x0000f463",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000c459",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53189",
- "udp.dstport": "53",
- "udp.port": "53189",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x000088fc",
- "udp.checksum.status": "2",
- "udp.stream": "449"
- },
- "dns": {
- "dns.response_in": "45165",
- "dns.id": "0x000004f6",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:37:53.407078000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508506673.407078000",
- "frame.time_delta": "0.009803000",
- "frame.time_delta_displayed": "0.009803000",
- "frame.time_relative": "48961.001874000",
- "frame.number": "45165",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000adc8",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00000940",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "53189",
- "udp.port": "53",
- "udp.port": "53189",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "449"
- },
- "dns": {
- "dns.response_to": "45164",
- "dns.time": "0.009803000",
- "dns.id": "0x000004f6",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "127",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7919",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1900",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1900",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1900",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1900",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1900",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1900",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1900",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1900",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1900",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3256",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1920",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2430",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2637",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.192"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1533",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.157"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3274",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3115",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.188"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3134",
- "dns.resp.len": "4",
- "dns.a": "165.254.157.167"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2929",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:52:53.416716000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508507573.416716000",
- "frame.time_delta": "1.378707000",
- "frame.time_delta_displayed": "900.009638000",
- "frame.time_relative": "49861.011512000",
- "frame.number": "45902",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x000028c2",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00008ffb",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53544",
- "udp.dstport": "53",
- "udp.port": "53544",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x00008798",
- "udp.checksum.status": "2",
- "udp.stream": "454"
- },
- "dns": {
- "dns.response_in": "45903",
- "dns.id": "0x000004f7",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 06:52:53.422982000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508507573.422982000",
- "frame.time_delta": "0.006266000",
- "frame.time_delta_displayed": "0.006266000",
- "frame.time_relative": "49861.017778000",
- "frame.number": "45903",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000f786",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000bf81",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "53544",
- "udp.port": "53",
- "udp.port": "53544",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "454"
- },
- "dns": {
- "dns.response_to": "45902",
- "dns.time": "0.006266000",
- "dns.id": "0x000004f7",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "127",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7019",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1000",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1000",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1000",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1000",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1000",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1000",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1000",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1000",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1000",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2356",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1020",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1530",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1737",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.192"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "633",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.157"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2374",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2215",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.188"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2234",
- "dns.resp.len": "4",
- "dns.a": "165.254.157.167"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2029",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 07:07:53.431212000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508508473.431212000",
- "frame.time_delta": "2.092085000",
- "frame.time_delta_displayed": "900.008230000",
- "frame.time_relative": "50761.026008000",
- "frame.number": "46613",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00000dff",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000aabe",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "34206",
- "udp.dstport": "53",
- "udp.port": "34206",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000d321",
- "udp.checksum.status": "2",
- "udp.stream": "458"
- },
- "dns": {
- "dns.response_in": "46614",
- "dns.id": "0x000004f8",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 07:07:53.437633000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508508473.437633000",
- "frame.time_delta": "0.006421000",
- "frame.time_delta_displayed": "0.006421000",
- "frame.time_relative": "50761.032429000",
- "frame.number": "46614",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00004f64",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x000067a4",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "34206",
- "udp.port": "53",
- "udp.port": "34206",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "458"
- },
- "dns": {
- "dns.response_to": "46613",
- "dns.time": "0.006421000",
- "dns.id": "0x000004f8",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "127",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6119",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "100",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "100",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "100",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "100",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "100",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "100",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "100",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "100",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "100",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1456",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "120",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "630",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "837",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.192"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.207": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5740",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.207"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1474",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1315",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.188"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1334",
- "dns.resp.len": "4",
- "dns.a": "165.254.157.167"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "1129",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 07:22:53.445298000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508509373.445298000",
- "frame.time_delta": "4.162550000",
- "frame.time_delta_displayed": "900.007665000",
- "frame.time_relative": "51661.040094000",
- "frame.number": "47529",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00001618",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000a2a5",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "37517",
- "udp.dstport": "53",
- "udp.port": "37517",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x0000c631",
- "udp.checksum.status": "2",
- "udp.stream": "459"
- },
- "dns": {
- "dns.response_in": "47530",
- "dns.id": "0x000004f9",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 07:22:53.451560000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508509373.451560000",
- "frame.time_delta": "0.006262000",
- "frame.time_delta_displayed": "0.006262000",
- "frame.time_relative": "51661.046356000",
- "frame.number": "47530",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x0000879c",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00002f6c",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "37517",
- "udp.port": "53",
- "udp.port": "37517",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "459"
- },
- "dns": {
- "dns.response_to": "47529",
- "dns.time": "0.006262000",
- "dns.id": "0x000004f9",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "127",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5219",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3203",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3203",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3203",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3203",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3203",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3203",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3203",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3203",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3203",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "556",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7221",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.191"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 165.254.146.244": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7733",
- "dns.resp.len": "4",
- "dns.a": "165.254.146.244"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3938",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.207": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4840",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.207"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "574",
- "dns.resp.len": "4",
- "dns.a": "204.2.166.158"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "415",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.188"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "434",
- "dns.resp.len": "4",
- "dns.a": "165.254.157.167"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "229",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 07:33:23.445057000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508510003.445057000",
- "frame.time_delta": "7.984590000",
- "frame.time_delta_displayed": "629.993497000",
- "frame.time_relative": "52291.039853000",
- "frame.number": "48058",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000fb5d",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000bd5c",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "54194",
- "udp.dstport": "53",
- "udp.port": "54194",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000ec90",
- "udp.checksum.status": "2",
- "udp.stream": "463"
- },
- "dns": {
- "dns.response_in": "48059",
- "dns.id": "0x000004fa",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 07:33:23.447069000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508510003.447069000",
- "frame.time_delta": "0.002012000",
- "frame.time_delta_displayed": "0.002012000",
- "frame.time_relative": "52291.041865000",
- "frame.number": "48059",
- "frame.len": "137",
- "frame.cap_len": "137",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "123",
- "ip.id": "0x000001dc",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000b6a4",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "54194",
- "udp.port": "53",
- "udp.port": "54194",
- "udp.length": "103",
- "udp.checksum": "0x0000826a",
- "udp.checksum.status": "2",
- "udp.stream": "463"
- },
- "dns": {
- "dns.response_to": "48058",
- "dns.time": "0.002012000",
- "dns.id": "0x000004fa",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "1",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "6",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "412",
- "dns.resp.len": "46",
- "dns.soa.mname": "ns1.ext.philips.com",
- "dns.soa.rname": "ddi-authority.philips.com",
- "dns.soa.serial_number": "387",
- "dns.soa.refresh_interval": "1200",
- "dns.soa.retry_interval": "300",
- "dns.soa.expire_limit": "1209600",
- "dns.soa.mininum_ttl": "3600"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 07:33:23.447897000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508510003.447897000",
- "frame.time_delta": "0.000828000",
- "frame.time_delta_displayed": "0.000828000",
- "frame.time_relative": "52291.042693000",
- "frame.number": "48060",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000fb5e",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000bd5b",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "35295",
- "udp.dstport": "53",
- "udp.port": "35295",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00005163",
- "udp.checksum.status": "2",
- "udp.stream": "464"
- },
- "dns": {
- "dns.response_in": "48061",
- "dns.id": "0x000004fb",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 07:33:23.449477000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508510003.449477000",
- "frame.time_delta": "0.001580000",
- "frame.time_delta_displayed": "0.001580000",
- "frame.time_relative": "52291.044273000",
- "frame.number": "48061",
- "frame.len": "285",
- "frame.cap_len": "285",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "271",
- "ip.id": "0x000001dd",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000b60f",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "35295",
- "udp.port": "53",
- "udp.port": "35295",
- "udp.length": "251",
- "udp.checksum": "0x000082fe",
- "udp.checksum.status": "2",
- "udp.stream": "464"
- },
- "dns": {
- "dns.response_to": "48060",
- "dns.time": "0.001580000",
- "dns.id": "0x000004fb",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "3",
- "dns.count.add_rr": "6",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "412",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- },
- "Authoritative nameservers": {
- "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2798",
- "dns.resp.len": "10",
- "dns.ns": "ns2.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2798",
- "dns.resp.len": "6",
- "dns.ns": "ns3.ext.philips.com"
- },
- "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
- "dns.resp.name": "cpp.philips.com",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2798",
- "dns.resp.len": "6",
- "dns.ns": "ns1.ext.philips.com"
- }
- },
- "Additional records": {
- "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "153850",
- "dns.resp.len": "4",
- "dns.a": "57.67.40.20"
- },
- "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "124773",
- "dns.resp.len": "4",
- "dns.a": "57.77.21.76"
- },
- "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "124773",
- "dns.resp.len": "4",
- "dns.a": "57.73.36.68"
- },
- "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
- "dns.resp.name": "ns1.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "143028",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
- },
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
- "dns.resp.name": "ns2.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "14750",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
- },
- "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
- "dns.resp.name": "ns3.ext.philips.com",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "14750",
- "dns.resp.len": "16",
- "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 07:33:23.865101000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508510003.865101000",
- "frame.time_delta": "0.001627000",
- "frame.time_delta_displayed": "0.415624000",
- "frame.time_relative": "52291.459897000",
- "frame.number": "48078",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000fb69",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000bd50",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "56468",
- "udp.dstport": "53",
- "udp.port": "56468",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x0000e3ac",
- "udp.checksum.status": "2",
- "udp.stream": "465"
- },
- "dns": {
- "dns.response_in": "48079",
- "dns.id": "0x000004fc",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 07:33:23.865672000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508510003.865672000",
- "frame.time_delta": "0.000571000",
- "frame.time_delta_displayed": "0.000571000",
- "frame.time_relative": "52291.460468000",
- "frame.number": "48079",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x000001de",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000b6dc",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "56468",
- "udp.port": "53",
- "udp.port": "56468",
- "udp.length": "45",
- "udp.checksum": "0x00008230",
- "udp.checksum.status": "2",
- "udp.stream": "465"
- },
- "dns": {
- "dns.response_to": "48078",
- "dns.time": "0.000571000",
- "dns.id": "0x000004fc",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type AAAA, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "28",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 07:33:23.866499000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508510003.866499000",
- "frame.time_delta": "0.000827000",
- "frame.time_delta_displayed": "0.000827000",
- "frame.time_relative": "52291.461295000",
- "frame.number": "48080",
- "frame.len": "79",
- "frame.cap_len": "79",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "65",
- "ip.id": "0x0000fb6a",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000bd4f",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "42815",
- "udp.dstport": "53",
- "udp.port": "42815",
- "udp.port": "53",
- "udp.length": "45",
- "udp.checksum": "0x00003401",
- "udp.checksum.status": "2",
- "udp.stream": "466"
- },
- "dns": {
- "dns.response_in": "48081",
- "dns.id": "0x000004fd",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 07:33:23.867228000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508510003.867228000",
- "frame.time_delta": "0.000729000",
- "frame.time_delta_displayed": "0.000729000",
- "frame.time_relative": "52291.462024000",
- "frame.number": "48081",
- "frame.len": "95",
- "frame.cap_len": "95",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "81",
- "ip.id": "0x000001df",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000b6cb",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "42815",
- "udp.port": "53",
- "udp.port": "42815",
- "udp.length": "61",
- "udp.checksum": "0x00008240",
- "udp.checksum.status": "2",
- "udp.stream": "466"
- },
- "dns": {
- "dns.response_to": "48080",
- "dns.time": "0.000729000",
- "dns.id": "0x000004fd",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "1",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "dcp.cpp.philips.com: type A, class IN": {
- "dns.qry.name": "dcp.cpp.philips.com",
- "dns.qry.name.len": "19",
- "dns.count.labels": "4",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
- "dns.resp.name": "dcp.cpp.philips.com",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "412",
- "dns.resp.len": "4",
- "dns.a": "5.79.62.93"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 07:37:53.461226000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508510273.461226000",
- "frame.time_delta": "5.280384000",
- "frame.time_delta_displayed": "269.593998000",
- "frame.time_relative": "52561.056022000",
- "frame.number": "48304",
- "frame.len": "76",
- "frame.cap_len": "76",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.dst_tree": {
- "eth.dst_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "00:17:88:69:ee:e4",
- "eth.src_tree": {
- "eth.src_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "62",
- "ip.id": "0x00000e4c",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x0000aa71",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.src_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "ip.dst": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.dst_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "49801",
- "udp.dstport": "53",
- "udp.port": "49801",
- "udp.port": "53",
- "udp.length": "42",
- "udp.checksum": "0x00009630",
- "udp.checksum.status": "2",
- "udp.stream": "467"
- },
- "dns": {
- "dns.response_in": "48305",
- "dns.id": "0x000004fe",
- "dns.flags": "0x00000100",
- "dns.flags_tree": {
- "dns.flags.response": "0",
- "dns.flags.opcode": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.z": "0",
- "dns.flags.checkdisable": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "0",
- "dns.count.auth_rr": "0",
- "dns.count.add_rr": "0",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- }
- }
- }
- }
- }
- ,
- {
- "_index": "packets-2017-10-26",
- "_type": "pcap_file",
- "_score": null,
- "_source": {
- "layers": {
- "frame": {
- "frame.encap_type": "1",
- "frame.time": "Oct 20, 2017 07:37:53.467660000 PDT",
- "frame.offset_shift": "0.000000000",
- "frame.time_epoch": "1508510273.467660000",
- "frame.time_delta": "0.006434000",
- "frame.time_delta_displayed": "0.006434000",
- "frame.time_relative": "52561.062456000",
- "frame.number": "48305",
- "frame.len": "513",
- "frame.cap_len": "513",
- "frame.marked": "0",
- "frame.ignored": "0",
- "frame.protocols": "eth:ethertype:ip:udp:dns",
- "frame.coloring_rule.name": "UDP",
- "frame.coloring_rule.string": "udp"
- },
- "eth": {
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.dst_tree": {
- "eth.dst_resolved": "PhilipsL_69:ee:e4",
- "eth.addr": "00:17:88:69:ee:e4",
- "eth.addr_resolved": "PhilipsL_69:ee:e4",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.src": "b0:b9:8a:73:69:8e",
- "eth.src_tree": {
- "eth.src_resolved": "Netgear_73:69:8e",
- "eth.addr": "b0:b9:8a:73:69:8e",
- "eth.addr_resolved": "Netgear_73:69:8e",
- "eth.lg": "0",
- "eth.ig": "0"
- },
- "eth.type": "0x00000800"
- },
- "ip": {
- "ip.version": "4",
- "ip.hdr_len": "20",
- "ip.dsfield": "0x00000000",
- "ip.dsfield_tree": {
- "ip.dsfield.dscp": "0",
- "ip.dsfield.ecn": "0"
- },
- "ip.len": "499",
- "ip.id": "0x00001912",
- "ip.flags": "0x00000002",
- "ip.flags_tree": {
- "ip.flags.rb": "0",
- "ip.flags.df": "1",
- "ip.flags.mf": "0"
- },
- "ip.frag_offset": "0",
- "ip.ttl": "64",
- "ip.proto": "17",
- "ip.checksum": "0x00009df6",
- "ip.checksum.status": "2",
- "ip.src": "192.168.0.1",
- "ip.addr": "192.168.0.1",
- "ip.src_host": "192.168.0.1",
- "ip.host": "192.168.0.1",
- "ip.dst": "192.168.0.160",
- "ip.addr": "192.168.0.160",
- "ip.dst_host": "192.168.0.160",
- "ip.host": "192.168.0.160",
- "Source GeoIP: Unknown": "",
- "Destination GeoIP: Unknown": ""
- },
- "udp": {
- "udp.srcport": "53",
- "udp.dstport": "49801",
- "udp.port": "53",
- "udp.port": "49801",
- "udp.length": "479",
- "udp.checksum": "0x000083e2",
- "udp.checksum.status": "2",
- "udp.stream": "467"
- },
- "dns": {
- "dns.response_to": "48304",
- "dns.time": "0.006434000",
- "dns.id": "0x000004fe",
- "dns.flags": "0x00008180",
- "dns.flags_tree": {
- "dns.flags.response": "1",
- "dns.flags.opcode": "0",
- "dns.flags.authoritative": "0",
- "dns.flags.truncated": "0",
- "dns.flags.recdesired": "1",
- "dns.flags.recavail": "1",
- "dns.flags.z": "0",
- "dns.flags.authenticated": "0",
- "dns.flags.checkdisable": "0",
- "dns.flags.rcode": "0"
- },
- "dns.count.queries": "1",
- "dns.count.answers": "4",
- "dns.count.auth_rr": "9",
- "dns.count.add_rr": "9",
- "Queries": {
- "www2.meethue.com: type A, class IN": {
- "dns.qry.name": "www2.meethue.com",
- "dns.qry.name.len": "16",
- "dns.count.labels": "3",
- "dns.qry.type": "1",
- "dns.qry.class": "0x00000001"
- }
- },
- "Answers": {
- "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
- "dns.resp.name": "www2.meethue.com",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "128",
- "dns.resp.len": "41",
- "dns.cname": "brands.lighting.philips.com.edgekey.net"
- },
- "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
- "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
- "dns.resp.type": "5",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "4319",
- "dns.resp.len": "22",
- "dns.cname": "e15361.b.akamaiedge.net"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.125"
- },
- "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
- "dns.resp.name": "e15361.b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "20",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.112"
- }
- },
- "Authoritative nameservers": {
- "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2303",
- "dns.resp.len": "6",
- "dns.ns": "n6b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2303",
- "dns.resp.len": "6",
- "dns.ns": "n2b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2303",
- "dns.resp.len": "6",
- "dns.ns": "a0b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2303",
- "dns.resp.len": "6",
- "dns.ns": "n4b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2303",
- "dns.resp.len": "6",
- "dns.ns": "n5b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2303",
- "dns.resp.len": "6",
- "dns.ns": "n1b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2303",
- "dns.resp.len": "6",
- "dns.ns": "n7b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2303",
- "dns.resp.len": "6",
- "dns.ns": "n3b.akamaiedge.net"
- },
- "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
- "dns.resp.name": "b.akamaiedge.net",
- "dns.resp.type": "2",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "2303",
- "dns.resp.len": "6",
- "dns.ns": "n0b.akamaiedge.net"
- }
- },
- "Additional records": {
- "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
- "dns.resp.name": "n0b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3658",
- "dns.resp.len": "4",
- "dns.a": "88.221.81.192"
- },
- "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
- "dns.resp.name": "n1b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6321",
- "dns.resp.len": "4",
- "dns.a": "96.17.70.191"
- },
- "n2b.akamaiedge.net: type A, class IN, addr 165.254.146.244": {
- "dns.resp.name": "n2b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "6833",
- "dns.resp.len": "4",
- "dns.a": "165.254.146.244"
- },
- "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
- "dns.resp.name": "n3b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3038",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.109"
- },
- "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.207": {
- "dns.resp.name": "n4b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3940",
- "dns.resp.len": "4",
- "dns.a": "198.172.88.207"
- },
- "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
- "dns.resp.name": "n5b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "7681",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.131"
- },
- "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.133": {
- "dns.resp.name": "n6b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "3520",
- "dns.resp.len": "4",
- "dns.a": "173.223.52.133"
- },
- "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
- "dns.resp.name": "n7b.akamaiedge.net",
- "dns.resp.type": "1",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5538",
- "dns.resp.len": "4",
- "dns.a": "204.1.137.41"
- },
- "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
- "dns.resp.name": "a0b.akamaiedge.net",
- "dns.resp.type": "28",
- "dns.resp.class": "0x00000001",
- "dns.resp.ttl": "5335",
- "dns.resp.len": "16",
- "dns.aaaa": "2600:1480:e800::c0"
- }
- }
- }
- }
- }
- }
-]
+++ /dev/null
-#!/usr/bin/python\r
-\r
-"""\r
-Script used to extract only the needed information from JSON packet traces generated by\r
-tshark from PCAPNG format\r
-"""\r
-\r
-import os, sys\r
-import json\r
-import uuid\r
-\r
-from collections import OrderedDict\r
-\r
-json_key_source = "_source"\r
-json_key_layers = "layers"\r
-\r
-json_key_ip = "ip"\r
-json_key_tcp = "tcp"\r
-\r
-json_key_http = "http"\r
-json_key_method = "method"\r
-json_key_uri = "uri"\r
-json_key_headers = "headers"\r
-json_key_host = "host"\r
-\r
-json_key_http_req = json_key_http + ".request."\r
-json_key_http_req_method = json_key_http_req + json_key_method\r
-json_key_http_req_uri = json_key_http_req + json_key_uri\r
-json_key_http_req_line = json_key_http_req + "line"\r
-\r
-json_key_pkt_comment = "pkt_comment"\r
-\r
-json_key_frame = "frame"\r
-json_key_frame_num = json_key_frame + ".number"\r
-json_key_frame_comment = json_key_frame + ".comment"\r
-json_key_frame_ts = json_key_frame + ".time_epoch"\r
-\r
-\r
-JSON_KEY_ETH = "eth"\r
-JSON_KEY_ETH_SRC = "eth.src"\r
-JSON_KEY_ETH_DST = "eth.dst"\r
-\r
-\r
-def make_unique(key, dct):\r
- counter = 0\r
- unique_key = key\r
-\r
- while unique_key in dct:\r
- counter += 1\r
- unique_key = '{}_{}'.format(key, counter)\r
- return unique_key\r
-\r
-\r
-def parse_object_pairs(pairs):\r
- dct = OrderedDict()\r
- for key, value in pairs:\r
- if key in dct:\r
- key = make_unique(key, dct)\r
- dct[key] = value\r
-\r
- return dct\r
-\r
-def change_file(fpath):\r
- for fn in os.listdir(fpath):\r
- full_path = fpath + '/' + fn\r
-\r
- # Recursively go through all directories\r
- if os.path.isdir(full_path):\r
- change_file(full_path)\r
- continue\r
-\r
- print full_path\r
- with open(full_path, "r+") as jf:\r
- # Since certain json 'keys' appear multiple times in our data, we have to make them\r
- # unique first (we can't use regular json.load() or we lose some data points). From:\r
- # https://stackoverflow.com/questions/29321677/python-json-parser-allow-duplicate-keys\r
- decoder = json.JSONDecoder(object_pairs_hook=parse_object_pairs)\r
- pcap_data = decoder.decode(jf.read())\r
-\r
- # Prepare new data structure for re-formatted JSON storage\r
- data = {}\r
- for packet in pcap_data:\r
- layers = packet[json_key_source][json_key_layers]\r
-\r
- # All captured traffic should have a frame + frame number, but check anyway\r
- frame_num = " Frame: "\r
- if json_key_frame not in layers or json_key_frame_num not in layers[json_key_frame]:\r
- print "WARNING: could not find frame number! Using -1..."\r
- frame_num = frame_num + "-1"\r
- else:\r
- # Save frame number for error-reporting\r
- frame_num = frame_num + layers[json_key_frame][json_key_frame_num]\r
-\r
- # All captured traffic should be IP, but check anyway\r
- if not json_key_ip in layers:\r
- print "WARNING: Non-IP traffic detected!" + frame_num\r
- continue\r
-\r
- # For now, focus on HTTP only\r
- if json_key_tcp not in layers or json_key_http not in layers:\r
- continue\r
-\r
- # Fill our new JSON packet with TCP/IP info\r
- new_packet = {}\r
- new_packet["dst_ip"] = layers[json_key_ip][json_key_ip + ".dst"]\r
- new_packet["dst_port"] = int(layers[json_key_tcp][json_key_tcp + ".dstport"])\r
-\r
- # JV: Also include src so we can see what device initiates the traffic\r
- new_packet["src_ip"] = layers[json_key_ip][json_key_ip + ".src"]\r
- new_packet["src_port"] = int(layers[json_key_tcp][json_key_tcp + ".srcport"])\r
- #JV: Also include eth soure/destination info so that we can map traffic to physical device using MAC\r
- new_packet[JSON_KEY_ETH_SRC] = layers[JSON_KEY_ETH][JSON_KEY_ETH_SRC]\r
- new_packet[JSON_KEY_ETH_DST] = layers[JSON_KEY_ETH][JSON_KEY_ETH_DST]\r
-\r
- # Go through all HTTP fields and extract the ones that are needed\r
- http_data = layers[json_key_http]\r
- for http_key in http_data:\r
- http_value = http_data[http_key]\r
-\r
- if http_key.startswith(json_key_http_req_line):\r
- header_line = http_value.split(":", 1)\r
- if len(header_line) != 2:\r
- print ("WARNING: could not parse header '" + str(header_line) + "'"\r
- + frame_num)\r
- continue\r
-\r
- # Prepare container for HTTP headers\r
- if json_key_headers not in new_packet:\r
- new_packet[json_key_headers] = {}\r
-\r
- # Use lower case for header keys to stay consistent with our other data\r
- header_key = header_line[0].lower()\r
-\r
- # Remove the trailing carriage return\r
- header_val = header_line[1].strip()\r
-\r
- # Save the header key-value pair\r
- new_packet[json_key_headers][header_key] = header_val\r
-\r
- # If this is the host header, we also save it to the main object\r
- if header_key == json_key_host:\r
- new_packet[json_key_host] = header_val\r
-\r
- if json_key_http_req_method in http_value:\r
- new_packet[json_key_method] = http_value[json_key_http_req_method]\r
- if json_key_http_req_uri in http_value:\r
- new_packet[json_key_uri] = http_value[json_key_http_req_uri]\r
-\r
- # End of HTTP parsing\r
-\r
- # Check that we found the minimum needed HTTP headers\r
- if (json_key_uri not in new_packet or json_key_method not in new_packet or\r
- json_key_host not in new_packet):\r
- print "Missing some HTTP Headers!" + frame_num\r
- continue\r
-\r
- # Extract timestamp\r
- if json_key_frame_ts not in layers[json_key_frame]:\r
- print "WARNING: could not find timestamp!" + frame_num\r
- continue\r
-\r
- new_packet["ts"] = layers[json_key_frame][json_key_frame_ts]\r
-\r
- # Create a unique key for each packet to keep consistent with ReCon\r
- # Also good in case packets end up in different files\r
- data[str(uuid.uuid4())] = new_packet\r
-\r
- # Write the new data\r
- #print json.dumps(data, sort_keys=True, indent=4)\r
- jf.seek(0)\r
- jf.write(json.dumps(data, sort_keys=True, indent=4))\r
- jf.truncate()\r
-\r
-if __name__ == '__main__':\r
- # Needed to re-use some JSON keys\r
- change_file(sys.argv[1])
\ No newline at end of file
+++ /dev/null
-<?xml version='1.0' encoding='utf-8'?>
-<gexf version="1.2" xmlns="http://www.gexf.net/1.2draft" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.w3.org/2001/XMLSchema-instance">
- <graph defaultedgetype="directed" mode="static" name="">
- <meta>
- <creator>NetworkX 2.0</creator>
- <lastmodified>05/11/2017</lastmodified>
- </meta>
- <nodes>
- <node id="94:10:3e:36:60:09" label="94:10:3e:36:60:09" />
- <node id="d0:52:a8:a3:60:0f" label="d0:52:a8:a3:60:0f" />
- <node id="diagnostics.meethue.com" label="diagnostics.meethue.com" />
- <node id="68:37:e9:d2:26:0d" label="68:37:e9:d2:26:0d" />
- <node id="dcp.cpp.philips.com" label="dcp.cpp.philips.com" />
- <node id="00:17:88:69:ee:e4" label="00:17:88:69:ee:e4" />
- </nodes>
- <edges>
- <edge id="0" source="d0:52:a8:a3:60:0f" target="94:10:3e:36:60:09" />
- <edge id="1" source="68:37:e9:d2:26:0d" target="00:17:88:69:ee:e4" />
- <edge id="2" source="00:17:88:69:ee:e4" target="dcp.cpp.philips.com" />
- <edge id="3" source="00:17:88:69:ee:e4" target="diagnostics.meethue.com" />
- </edges>
- </graph>
-</gexf>
--- /dev/null
+<?xml version='1.0' encoding='utf-8'?>
+<gexf version="1.2" xmlns="http://www.gexf.net/1.2draft" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.w3.org/2001/XMLSchema-instance">
+ <graph defaultedgetype="directed" mode="static" name="">
+ <meta>
+ <creator>NetworkX 2.0</creator>
+ <lastmodified>05/11/2017</lastmodified>
+ </meta>
+ <nodes>
+ <node id="94:10:3e:36:60:09" label="94:10:3e:36:60:09" />
+ <node id="d0:52:a8:a3:60:0f" label="d0:52:a8:a3:60:0f" />
+ <node id="diagnostics.meethue.com" label="diagnostics.meethue.com" />
+ <node id="68:37:e9:d2:26:0d" label="68:37:e9:d2:26:0d" />
+ <node id="dcp.cpp.philips.com" label="dcp.cpp.philips.com" />
+ <node id="00:17:88:69:ee:e4" label="00:17:88:69:ee:e4" />
+ </nodes>
+ <edges>
+ <edge id="0" source="d0:52:a8:a3:60:0f" target="94:10:3e:36:60:09" />
+ <edge id="1" source="68:37:e9:d2:26:0d" target="00:17:88:69:ee:e4" />
+ <edge id="2" source="00:17:88:69:ee:e4" target="dcp.cpp.philips.com" />
+ <edge id="3" source="00:17:88:69:ee:e4" target="diagnostics.meethue.com" />
+ </edges>
+ </graph>
+</gexf>
+++ /dev/null
-{
- "0018c361-c05b-462b-80fd-924d0d90110f": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"74\", Nonce=\"5uz+9xSbrsC2F9UIj3EnlQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"U77HA2bdom8FQeQHHjOBKw==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45243,
- "ts": "1508502803.048797000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "06c3f251-5dd2-429f-840c-7cee46775c08": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"51\", Nonce=\"IDqv9WAPICxSF9UIgYzuNQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"HO0GNANgmPqD3EsKDz11CQ==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45175,
- "ts": "1508463201.902797000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "109a8616-e01e-47b1-a381-dc10de5c50a1": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"67\", Nonce=\"OeXj2KpCdTmVF9UIH/fp1g==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"v7WnBnxyc0rL6zBViUZt3Q==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45224,
- "ts": "1508492002.667066000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "1146dff1-5bec-4a75-a7be-8e0607e2d79b": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"59\", Nonce=\"IIRRXKWHaLNzF9UIafRhqA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"Mb84RTuO7v9NBZI4u2KVow==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45199,
- "ts": "1508477602.251054000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "17203fc4-cc9c-4ddc-b75d-828dadcd5707": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56971,
- "ts": "1508500993.884194000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "1d146b55-7395-435d-8e03-d8747f6fc3ca": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56611,
- "ts": "1508469852.249587000",
- "uri": "/description.xml"
- },
- "1ea946a4-e4a6-4fa5-927e-4603e47d6251": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56609,
- "ts": "1508469851.936530000",
- "uri": "/description.xml"
- },
- "1f73b3b1-a13d-499c-8df9-32873a7c340e": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56968,
- "ts": "1508500992.947109000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "21088abf-df7d-45e8-a028-edd22a383f65": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"63\", Nonce=\"0n/qkGVhjHaEF9UIbD9C0w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"a7dKjQVsYpg5YH/p9UfqmQ==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45212,
- "ts": "1508484803.583720000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "215520aa-f1ea-4129-83c5-155fa84aa219": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56701,
- "ts": "1508477534.895063000",
- "uri": "/description.xml"
- },
- "297939f9-7e43-48ba-b44c-f05d590fac2f": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"72\", Nonce=\"jwevBP0xoV+uF9UI3sJnlA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"GCdNlUt1IhjIKFkIuQ8V8g==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45237,
- "ts": "1508499204.343328000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "2aa32fd9-ca8e-4ec4-9ef7-0e56a508ce51": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56538,
- "ts": "1508463913.265019000",
- "uri": "/description.xml"
- },
- "2cecaffd-d363-401d-9b6f-1ca89d2b350b": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"60\", Nonce=\"T8McgxJ9HBR8F9UIHQxr3A==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"pB8wKvl1l7ugOuNTTS9oxQ==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45200,
- "ts": "1508477602.669084000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "2f197b06-d092-427f-a92a-ba9b247e73d6": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 57055,
- "ts": "1508509044.965021000",
- "uri": "/description.xml"
- },
- "3010efcb-45f8-43fc-9443-8a3ba838ee9f": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56540,
- "ts": "1508463914.137918000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "3236af6d-4542-4257-9087-bafcbbdb5de9": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56879,
- "ts": "1508493119.264807000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "3acd5f57-061a-474b-bb89-5b65f5e549d3": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 57062,
- "ts": "1508509045.921481000",
- "uri": "/description.xml"
- },
- "3c1ba96c-4e39-439b-9ada-e6c66f6e0e7f": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 57072,
- "ts": "1508509214.456013000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "3f95a4d2-9586-430c-a002-616896328da3": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"57\", Nonce=\"UKDWAA1aUlFrF9UItdlMsw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"PdwZCCElcnhZG70H7kTWtg==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45193,
- "ts": "1508474003.675549000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "4b7c4441-ee52-4167-a7e3-f9b196e31cf2": {
- "dst_ip": "130.211.67.12",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "connection": "close",
- "content-type": "text/plain",
- "host": "diagnostics.meethue.com:80",
- "transfer-encoding": "chunked"
- },
- "host": "diagnostics.meethue.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 54159,
- "ts": "1508461977.224826000",
- "uri": "/bridges/fullconfig?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a2909c62693157c503a676c182a44daf78ddae30900de525cad753035de299958db2121a4284346b74371c889cfc5df609cb33d126e3051871163f5d767a9d53b72ae6e8901db39b90d2247db5cb734db1b8f18c37bfc23ed6091359629f8c68074ea0d7377c6da7b5b88bccda18a2e137e29f0bab89d64d94c2524b639e5712061b&i=e11f3860cfb5d8a0e502583853950fb6&auth=f66de122ea23c53e85a152b1be18131517dddef7"
- },
- "503b740d-2377-4ab3-b1c0-318522744453": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"55\", Nonce=\"LDg3BhU5Mu9iF9UIehwGlA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"yoodQRhNNMKwd6zmaU7QuA==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45187,
- "ts": "1508470403.122955000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "515d8cf7-1847-4ac5-a62d-9fb279703109": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56697,
- "ts": "1508477533.624722000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "5247061a-0a8d-4bc5-a7a5-71f86862d3e1": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"66\", Nonce=\"bSBJ+8tVRzmVF9UI+DCyBw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rLf0EDCXW2dxHEFY/c0lzg==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45219,
- "ts": "1508488402.457324000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "54753c2d-6229-405d-8cbd-b54c2d464099": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56612,
- "ts": "1508469853.385023000",
- "uri": "/description.xml"
- },
- "562394f8-b1da-4002-9ad4-822c09bee722": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"52\", Nonce=\"+prNMq//zoxaF9UIAX4cmA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"PD/HP4NMadOITSv65W1NVQ==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45176,
- "ts": "1508463202.320736000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "58c45fe4-76f3-4b37-a318-32c55384cc82": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"65\", Nonce=\"YbFoE9OcpdiMF9UI5i3Sxg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"2+jvV9CpnWbrY7RxSfhszw==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45218,
- "ts": "1508488402.036753000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "5d624b10-ff7e-4134-a095-ebb132041283": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56537,
- "ts": "1508463913.049301000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "5fc69874-d257-4986-8e73-81fe63d58a58": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56970,
- "ts": "1508500993.744272000",
- "uri": "/description.xml"
- },
- "6134fa96-2d71-4749-ab82-c9680631966d": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"49\", Nonce=\"pjd9TR/COapKF9UIvgMIbg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"cWIdFvlc1zTaM1lRh+sG1w==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45168,
- "ts": "1508459603.327754000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "640baacd-ba1a-46ba-925f-1e7459564989": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56539,
- "ts": "1508463913.918475000",
- "uri": "/description.xml"
- },
- "6518d1b2-1015-4ec9-95ee-77e9830e115a": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56878,
- "ts": "1508493119.118306000",
- "uri": "/description.xml"
- },
- "6a4d30ba-1446-4921-84c1-fbbbf1a4f6e1": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56794,
- "ts": "1508485432.979175000",
- "uri": "/description.xml"
- },
- "6a7f595a-e223-45b3-97cc-48cad9d7c548": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 57073,
- "ts": "1508509214.519479000",
- "uri": "/description.xml"
- },
- "6cb61e21-61f1-4d86-8211-f8e52362755f": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56788,
- "ts": "1508485431.641818000",
- "uri": "/description.xml"
- },
- "6ce7eecd-fadf-45e2-9cea-fdd76d667be6": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"53\", Nonce=\"Aj6ghgnkEo1aF9UIkdJNZQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"9OaGG6mRlwNym3ixwA9ivw==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45181,
- "ts": "1508466802.518608000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "6de21d41-d0c9-4504-bb60-86479bdd0d1f": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 57071,
- "ts": "1508509214.280691000",
- "uri": "/description.xml"
- },
- "6eac540f-2617-4caf-a777-158fa155a7e2": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"54\", Nonce=\"RnQj4ESU6O5iF9UIGxlBuw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"lFHZk7Y9NuBYpbyswcoUZw==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45182,
- "ts": "1508466802.939248000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "706cc9e4-06a0-4260-a5fb-d1e5846b15fd": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56613,
- "ts": "1508469853.515797000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "73768ca9-ada0-4930-9be5-a4ae242bc6e3": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56698,
- "ts": "1508477533.627907000",
- "uri": "/description.xml"
- },
- "75b2f21d-cafb-4fa2-a1be-86c8da9b7b9c": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56696,
- "ts": "1508477533.470368000",
- "uri": "/description.xml"
- },
- "773114f0-2158-4484-9905-0b2c23357138": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56881,
- "ts": "1508493120.171827000",
- "uri": "/description.xml"
- },
- "7a7d63cd-9a64-4c22-943c-2ff539fb0713": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"50\", Nonce=\"HYIu7st62itSF9UI1C0tnw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"AIJFnUuBeCAhSJwsSPPIJA==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45169,
- "ts": "1508459603.745723000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "7bbe7675-bca6-480c-8b4c-372cfb412b65": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56700,
- "ts": "1508477534.717225000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "7c0eac67-4f15-4fce-8443-ef89c391060b": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"70\", Nonce=\"w0E1Ikptdv2lF9UIt96XtA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"ZbLS0OUJ3WJY/VmOWlIEQg==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45231,
- "ts": "1508495603.618857000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "80a3ebbb-6983-406f-8bfa-4c0e9ccca1f7": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"73\", Nonce=\"D/VVU+4V91+uF9UIMimHoA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"wTYNVcjDJuYaIlqPvDbd+Q==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45242,
- "ts": "1508502802.629928000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "80ca0244-6b0d-4b4c-9672-c0e4d82ba48e": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"61\", Nonce=\"wrIsdgJIWhR8F9UIx6Nk6A==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rMFjUBkfbR8k+XM4J0Nk+A==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45205,
- "ts": "1508481202.944385000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "8404af06-b8d8-4276-aea8-fee733250922": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56880,
- "ts": "1508493119.423201000",
- "uri": "/description.xml"
- },
- "87e491e1-d4e0-4248-8172-fa71bfbd2625": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56966,
- "ts": "1508500992.697184000",
- "uri": "/description.xml"
- },
- "8b7dcd6a-c592-42c6-8749-433f748ff589": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"77\", Nonce=\"v6de2RSqHCO/F9UIB9IETQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"Y2KkPRoOd5rN1bo4Bru7XQ==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45254,
- "ts": "1508510003.723787000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "902ca1cf-b791-4fdd-bc7c-63eda786335d": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"69\", Nonce=\"O2nbMFG4qpudF9UI9et8gQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rE4BCqqoV5ApwZlmkzLx/A==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45230,
- "ts": "1508495603.198446000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "94ca8be3-3c28-4fae-93da-2bdf41621ad0": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 57061,
- "ts": "1508509045.209972000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "995abfd5-ed0b-4d4d-a9fe-1c09fb7f0baa": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56793,
- "ts": "1508485432.751765000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "9aa6333b-b72b-455a-8135-c75c0c81ae72": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56702,
- "ts": "1508477535.050616000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "9b7c2e45-6897-47f5-a3ac-60a88fd71525": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56610,
- "ts": "1508469852.190570000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "a12bb9fa-49ec-4969-b687-18567f93d8a8": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 57065,
- "ts": "1508509046.706024000",
- "uri": "/description.xml"
- },
- "a1305724-ce2b-4ec0-96a1-56ffdada2782": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56791,
- "ts": "1508485432.224563000",
- "uri": "/description.xml"
- },
- "a4464775-d8d8-44fc-9215-94a4bfb5c26d": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"76\", Nonce=\"Txncu/KW2yK/F9UIeTMGug==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"Fn/fJIlXLMbcdiZ27pWNwQ==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45249,
- "ts": "1508506403.694917000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "a61dd83c-6989-4559-9039-363dbeb54ab9": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56542,
- "ts": "1508463914.840072000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "a9ce3646-8671-4c44-a14e-47a38d0a32e0": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"56\", Nonce=\"87rYprWmElFrF9UIyB2bjQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"5oOnGRHc4VVgOtmTGnSXSw==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45188,
- "ts": "1508470403.541300000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "acd1abe3-3f2e-4656-8847-5c3213277d11": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56882,
- "ts": "1508493120.316778000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "bc134e48-ab13-4e58-b132-dd6435f3ac2b": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"71\", Nonce=\"LtIwGyrkvv2lF9UIdFDgLg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"jTrgvKNNbcTEqXRajrcYKQ==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45236,
- "ts": "1508499203.924411000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "bd3385cb-97f2-43ba-9639-b92249b43a20": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 57063,
- "ts": "1508509046.116595000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "bffb106d-cfe8-4a1c-9f23-33fbd2d5e217": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56969,
- "ts": "1508500993.623407000",
- "uri": "/description.xml"
- },
- "c0838e3b-834e-413b-bcb8-d259b10616d1": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 57075,
- "ts": "1508509215.520208000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "cacaff93-4fc0-4d24-a0db-83a437c22f8f": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"64\", Nonce=\"WIGvypHsZdiMF9UIrliQWQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"uf13Jx8s/eL7BiklzmuutQ==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45213,
- "ts": "1508484804.000058000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "cb89a141-47e7-48e2-86bb-998e956c390a": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56614,
- "ts": "1508469853.818103000",
- "uri": "/description.xml"
- },
- "d798cc2e-b848-416a-ae9f-0feb5c5cc83a": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 57074,
- "ts": "1508509215.329645000",
- "uri": "/description.xml"
- },
- "db713a11-86ca-4903-bf03-78c056424a33": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"68\", Nonce=\"pedBaQkJYZudF9UICPNNyA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rXzU3PkJXq66quYxt4dR0w==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45225,
- "ts": "1508492003.083641000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "de22dff6-4385-4c1b-9c0e-647784497294": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56795,
- "ts": "1508485433.142029000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "df5bcd9f-f274-4fff-b318-27fb659b6f59": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 57064,
- "ts": "1508509046.116540000",
- "uri": "/description.xml"
- },
- "e3d19c2c-b137-4756-919c-f70036e6ee04": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56615,
- "ts": "1508469854.003616000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "e600104e-fbe8-4319-9d84-ca08047efd0f": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"75\", Nonce=\"8tOzN9657sC2F9UIl3ayqQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"OZk4/yc2TQeK7ph0tAkojA==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45248,
- "ts": "1508506403.275265000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "e9139b55-7c4d-407f-aaeb-b4e748a066a3": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56792,
- "ts": "1508485432.565257000",
- "uri": "/description.xml"
- },
- "e9557ac5-4e07-4514-a804-1b0a69b99036": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"62\", Nonce=\"BdKCsHaZQHaEF9UI5C5bWQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"hZf/7zl4u0jeRzps/5PXjA==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45206,
- "ts": "1508481203.365353000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "ed359f08-9716-46e9-b242-fa0a7ad74b32": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"58\", Nonce=\"rSl/kVJvL7NzF9UIfuR6vQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"F1ymgtXGLgEjjsJtNRm7jQ==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45194,
- "ts": "1508474004.097958000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "edbec7e3-ab76-4c3d-92cf-afbf3a717665": {
- "dst_ip": "130.211.67.12",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "connection": "close",
- "content-type": "text/plain",
- "host": "diagnostics.meethue.com:80",
- "transfer-encoding": "chunked"
- },
- "host": "diagnostics.meethue.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 54196,
- "ts": "1508483525.057124000",
- "uri": "/bridges/ws/stats?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a2909c62693157c503a676c182a44daf78ddae30900de525cad753035de299958db2121a4284346b74371c889cfc5df609cb33d126e3051871163f5d767a9d53b72ae6e8901db39b90d2247db5cb734db1b8f18c37bfc23ed6091359629f8c68074ea0d7377c6da7b5b88bccda18a2e137e29f0bab89d64d94c2524b639e5712061b&i=aa75654336d2f72df5b22d857fe4e512&auth=c0692053fa23c4a9704396bc516c1287a38e4b38"
- },
- "ee7a172f-4939-42b3-90c4-f14569632c3d": {
- "dst_ip": "5.79.62.93",
- "dst_port": 80,
- "eth.dst": "b0:b9:8a:73:69:8e",
- "eth.src": "00:17:88:69:ee:e4",
- "headers": {
- "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"78\", Nonce=\"z9B2roxq4oTHF9UICymJ7Q==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"okPL+Sx5SKAgjONdFT54nQ==\"",
- "connection": "close",
- "content-length": "1328",
- "content-type": "application/CB-Encrypted; cipher=AES",
- "host": "dcp.cpp.philips.com:80"
- },
- "host": "dcp.cpp.philips.com:80",
- "method": "POST",
- "src_ip": "192.168.0.160",
- "src_port": 45255,
- "ts": "1508510004.140691000",
- "uri": "/DcpRequestHandler/index.ashx"
- },
- "f1b63783-f5dd-4a48-ad04-40b447f2adf7": {
- "dst_ip": "192.168.0.226",
- "dst_port": 49153,
- "eth.dst": "94:10:3e:36:60:09",
- "eth.src": "d0:52:a8:a3:60:0f",
- "headers": {
- "content-length": "277",
- "content-type": "text/xml; charset=\"utf-8\"",
- "host": "192.168.0.226:49153",
- "soapaction": "\"urn:Belkin:service:basicevent:1#GetBinaryState\"",
- "user-agent": "CyberGarage-HTTP/1.0"
- },
- "host": "192.168.0.226:49153",
- "method": "POST",
- "src_ip": "192.168.0.243",
- "src_port": 51912,
- "ts": "1508472514.240077000",
- "uri": "/upnp/control/basicevent1"
- },
- "f8607e7e-d759-4f28-95c4-9cb58fa19e67": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56541,
- "ts": "1508463914.706660000",
- "uri": "/description.xml"
- },
- "fa94b3a9-8cbd-4782-a151-a274592aeeb4": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56536,
- "ts": "1508463912.908377000",
- "uri": "/description.xml"
- },
- "fb58b8af-4bd8-443f-a9b1-9143aca25692": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56699,
- "ts": "1508477534.524516000",
- "uri": "/description.xml"
- },
- "fc44d4d5-0fff-4c2a-b246-1a3a2c162409": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 56790,
- "ts": "1508485431.919622000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- },
- "fe685706-cfaa-4b66-9959-1fe78bbbd89a": {
- "dst_ip": "192.168.0.160",
- "dst_port": 80,
- "eth.dst": "00:17:88:69:ee:e4",
- "eth.src": "68:37:e9:d2:26:0d",
- "headers": {
- "accept": "*/*",
- "host": "192.168.0.160"
- },
- "host": "192.168.0.160",
- "method": "GET",
- "src_ip": "192.168.0.227",
- "src_port": 57066,
- "ts": "1508509046.856076000",
- "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- }
-}
\ No newline at end of file
--- /dev/null
+[
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:07:51.560156000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508458071.560156000",
+ "frame.time_delta": "1.053360000",
+ "frame.time_delta_displayed": "0.000000000",
+ "frame.time_relative": "359.154952000",
+ "frame.number": "380",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000c5d4",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f2e8",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "35041",
+ "udp.dstport": "53",
+ "udp.port": "35041",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d04f",
+ "udp.checksum.status": "2",
+ "udp.stream": "19"
+ },
+ "dns": {
+ "dns.response_in": "381",
+ "dns.id": "0x00000487",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:07:51.597999000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508458071.597999000",
+ "frame.time_delta": "0.037843000",
+ "frame.time_delta_displayed": "0.037843000",
+ "frame.time_relative": "359.192795000",
+ "frame.number": "381",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00001e6a",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000989e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "35041",
+ "udp.port": "53",
+ "udp.port": "35041",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "19"
+ },
+ "dns": {
+ "dns.response_to": "380",
+ "dns.time": "0.037843000",
+ "dns.id": "0x00000487",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "115",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "13313",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "485",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3795",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2515",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3016",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3200",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.241"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2106",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3857",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.33"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3654",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3718",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.239"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2491",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:22:51.607393000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508458971.607393000",
+ "frame.time_delta": "4.029605000",
+ "frame.time_delta_displayed": "900.009394000",
+ "frame.time_relative": "1259.202189000",
+ "frame.number": "1239",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00000103",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b7ba",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "57902",
+ "udp.dstport": "53",
+ "udp.port": "57902",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00007701",
+ "udp.checksum.status": "2",
+ "udp.stream": "36"
+ },
+ "dns": {
+ "dns.response_in": "1240",
+ "dns.id": "0x00000488",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:22:51.678853000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508458971.678853000",
+ "frame.time_delta": "0.071460000",
+ "frame.time_delta_displayed": "0.071460000",
+ "frame.time_relative": "1259.273649000",
+ "frame.number": "1240",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x00004f7c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000067ba",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "57902",
+ "udp.port": "53",
+ "udp.port": "57902",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "36"
+ },
+ "dns": {
+ "dns.response_to": "1239",
+ "dns.time": "0.071460000",
+ "dns.id": "0x00000488",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "115",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "12413",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "587",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2895",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1615",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2116",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2300",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.241"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1206",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2957",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.33"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2754",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2818",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.239"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.045476000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.045476000",
+ "frame.time_delta": "1.106645000",
+ "frame.time_delta_displayed": "631.366623000",
+ "frame.time_relative": "1890.640272000",
+ "frame.number": "1873",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00001f1b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000999f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44067",
+ "udp.dstport": "53",
+ "udp.port": "44067",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00001491",
+ "udp.checksum.status": "2",
+ "udp.stream": "51"
+ },
+ "dns": {
+ "dns.response_in": "1874",
+ "dns.id": "0x00000489",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.047090000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.047090000",
+ "frame.time_delta": "0.001614000",
+ "frame.time_delta_displayed": "0.001614000",
+ "frame.time_relative": "1890.641886000",
+ "frame.number": "1874",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00002b52",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008d2e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44067",
+ "udp.port": "53",
+ "udp.port": "44067",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "51"
+ },
+ "dns": {
+ "dns.response_to": "1873",
+ "dns.time": "0.001614000",
+ "dns.id": "0x00000489",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "643",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.048272000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.048272000",
+ "frame.time_delta": "0.001182000",
+ "frame.time_delta_displayed": "0.001182000",
+ "frame.time_relative": "1890.643068000",
+ "frame.number": "1875",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00001f1c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000999e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "51510",
+ "udp.dstport": "53",
+ "udp.port": "51510",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000127d",
+ "udp.checksum.status": "2",
+ "udp.stream": "52"
+ },
+ "dns": {
+ "dns.response_in": "1876",
+ "dns.id": "0x0000048a",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.049516000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.049516000",
+ "frame.time_delta": "0.001244000",
+ "frame.time_delta_displayed": "0.001244000",
+ "frame.time_relative": "1890.644312000",
+ "frame.number": "1876",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x00002b53",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008c99",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "51510",
+ "udp.port": "53",
+ "udp.port": "51510",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "52"
+ },
+ "dns": {
+ "dns.response_to": "1875",
+ "dns.time": "0.001244000",
+ "dns.id": "0x0000048a",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "644",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "644",
+ "dns.resp.len": "10",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "644",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "644",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "155007",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3438",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3438",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "158626",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "151199",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "151199",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.470381000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.470381000",
+ "frame.time_delta": "0.000880000",
+ "frame.time_delta_displayed": "0.420865000",
+ "frame.time_relative": "1891.065177000",
+ "frame.number": "1892",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00001f22",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00009998",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44843",
+ "udp.dstport": "53",
+ "udp.port": "44843",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00001187",
+ "udp.checksum.status": "2",
+ "udp.stream": "53"
+ },
+ "dns": {
+ "dns.response_in": "1893",
+ "dns.id": "0x0000048b",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.470880000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.470880000",
+ "frame.time_delta": "0.000499000",
+ "frame.time_delta_displayed": "0.000499000",
+ "frame.time_relative": "1891.065676000",
+ "frame.number": "1893",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00002b76",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008d44",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44843",
+ "udp.port": "53",
+ "udp.port": "44843",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "53"
+ },
+ "dns": {
+ "dns.response_to": "1892",
+ "dns.time": "0.000499000",
+ "dns.id": "0x0000048b",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.471684000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.471684000",
+ "frame.time_delta": "0.000804000",
+ "frame.time_delta_displayed": "0.000804000",
+ "frame.time_relative": "1891.066480000",
+ "frame.number": "1894",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00001f23",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00009997",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "40021",
+ "udp.dstport": "53",
+ "udp.port": "40021",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00003f5c",
+ "udp.checksum.status": "2",
+ "udp.stream": "54"
+ },
+ "dns": {
+ "dns.response_in": "1895",
+ "dns.id": "0x0000048c",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:33:23.472192000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459603.472192000",
+ "frame.time_delta": "0.000508000",
+ "frame.time_delta_displayed": "0.000508000",
+ "frame.time_relative": "1891.066988000",
+ "frame.number": "1895",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00002b77",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008d33",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "40021",
+ "udp.port": "53",
+ "udp.port": "40021",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "54"
+ },
+ "dns": {
+ "dns.response_to": "1894",
+ "dns.time": "0.000508000",
+ "dns.id": "0x0000048c",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "644",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:37:51.689099000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459871.689099000",
+ "frame.time_delta": "0.145237000",
+ "frame.time_delta_displayed": "268.216907000",
+ "frame.time_relative": "2159.283895000",
+ "frame.number": "2153",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x000053f4",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000064c9",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49510",
+ "udp.dstport": "53",
+ "udp.port": "49510",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000097c4",
+ "udp.checksum.status": "2",
+ "udp.stream": "60"
+ },
+ "dns": {
+ "dns.response_in": "2154",
+ "dns.id": "0x0000048d",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:37:51.695550000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508459871.695550000",
+ "frame.time_delta": "0.006451000",
+ "frame.time_delta_displayed": "0.006451000",
+ "frame.time_relative": "2159.290346000",
+ "frame.number": "2154",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000851c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000031ec",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49510",
+ "udp.port": "53",
+ "udp.port": "49510",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "60"
+ },
+ "dns": {
+ "dns.response_to": "2153",
+ "dns.time": "0.006451000",
+ "dns.id": "0x0000048d",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "141",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "13111",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2774",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "294",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4838",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.240"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7614",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3676",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.90"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4084",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4641",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.134.246": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "218",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.246"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2322",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.232"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4774",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:52:51.705423000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508460771.705423000",
+ "frame.time_delta": "3.937809000",
+ "frame.time_delta_displayed": "900.009873000",
+ "frame.time_relative": "3059.300219000",
+ "frame.number": "2958",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000b28e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000062f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "59344",
+ "udp.dstport": "53",
+ "udp.port": "59344",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00007159",
+ "udp.checksum.status": "2",
+ "udp.stream": "72"
+ },
+ "dns": {
+ "dns.response_in": "2959",
+ "dns.id": "0x0000048e",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 17:52:51.715857000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508460771.715857000",
+ "frame.time_delta": "0.010434000",
+ "frame.time_delta_displayed": "0.010434000",
+ "frame.time_relative": "3059.310653000",
+ "frame.number": "2959",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000ca5c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000ecab",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "59344",
+ "udp.port": "53",
+ "udp.port": "59344",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "72"
+ },
+ "dns": {
+ "dns.response_to": "2958",
+ "dns.time": "0.010434000",
+ "dns.id": "0x0000048e",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "10613",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2787",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1095",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7816",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "316",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "500",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.241"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5409",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1157",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.33"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "954",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1018",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.239"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5792",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:07:51.725149000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508461671.725149000",
+ "frame.time_delta": "2.951813000",
+ "frame.time_delta_displayed": "900.009292000",
+ "frame.time_relative": "3959.319945000",
+ "frame.number": "3816",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000ba5a",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000fe62",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "34709",
+ "udp.dstport": "53",
+ "udp.port": "34709",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d193",
+ "udp.checksum.status": "2",
+ "udp.stream": "84"
+ },
+ "dns": {
+ "dns.response_in": "3817",
+ "dns.id": "0x0000048f",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:07:51.735281000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508461671.735281000",
+ "frame.time_delta": "0.010132000",
+ "frame.time_delta_displayed": "0.010132000",
+ "frame.time_relative": "3959.330077000",
+ "frame.number": "3817",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004a90",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006c78",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "34709",
+ "udp.port": "53",
+ "udp.port": "34709",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "84"
+ },
+ "dns": {
+ "dns.response_to": "3816",
+ "dns.time": "0.010132000",
+ "dns.id": "0x0000048f",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "11311",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2496",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3038",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.240"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5814",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1876",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.90"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2284",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2841",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.93": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2419",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.93"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "522",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.232"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2974",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:12:56.852097000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508461976.852097000",
+ "frame.time_delta": "3.045152000",
+ "frame.time_delta_displayed": "305.116816000",
+ "frame.time_relative": "4264.446893000",
+ "frame.number": "5571",
+ "frame.len": "83",
+ "frame.cap_len": "83",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "69",
+ "ip.id": "0x0000f879",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c03c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "46881",
+ "udp.dstport": "53",
+ "udp.port": "46881",
+ "udp.port": "53",
+ "udp.length": "49",
+ "udp.checksum": "0x0000d1bd",
+ "udp.checksum.status": "2",
+ "udp.stream": "89"
+ },
+ "dns": {
+ "dns.response_in": "5572",
+ "dns.id": "0x00000490",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "diagnostics.meethue.com: type A, class IN": {
+ "dns.qry.name": "diagnostics.meethue.com",
+ "dns.qry.name.len": "23",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:12:56.936468000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508461976.936468000",
+ "frame.time_delta": "0.084371000",
+ "frame.time_delta_displayed": "0.084371000",
+ "frame.time_relative": "4264.531264000",
+ "frame.number": "5572",
+ "frame.len": "297",
+ "frame.cap_len": "297",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "283",
+ "ip.id": "0x00008c6e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002b72",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "46881",
+ "udp.port": "53",
+ "udp.port": "46881",
+ "udp.length": "263",
+ "udp.checksum": "0x0000830a",
+ "udp.checksum.status": "2",
+ "udp.stream": "89"
+ },
+ "dns": {
+ "dns.response_to": "5571",
+ "dns.time": "0.084371000",
+ "dns.id": "0x00000490",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "diagnostics.meethue.com: type A, class IN": {
+ "dns.qry.name": "diagnostics.meethue.com",
+ "dns.qry.name.len": "23",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": {
+ "dns.resp.name": "diagnostics.meethue.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "300",
+ "dns.resp.len": "4",
+ "dns.a": "130.211.67.12"
+ }
+ },
+ "Authoritative nameservers": {
+ "meethue.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "meethue.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3600",
+ "dns.resp.len": "18",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "meethue.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "meethue.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3600",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "meethue.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "meethue.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3600",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "172800",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "172800",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "172800",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2611",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "62777",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "62777",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:22:51.746902000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508462571.746902000",
+ "frame.time_delta": "2.037142000",
+ "frame.time_delta_displayed": "594.810434000",
+ "frame.time_relative": "4859.341698000",
+ "frame.number": "6175",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000f884",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c038",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "54444",
+ "udp.dstport": "53",
+ "udp.port": "54444",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000847a",
+ "udp.checksum.status": "2",
+ "udp.stream": "97"
+ },
+ "dns": {
+ "dns.response_in": "6176",
+ "dns.id": "0x00000491",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:22:51.772932000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508462571.772932000",
+ "frame.time_delta": "0.026030000",
+ "frame.time_delta_displayed": "0.026030000",
+ "frame.time_relative": "4859.367728000",
+ "frame.number": "6176",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004cfa",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006a0e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "54444",
+ "udp.port": "53",
+ "udp.port": "54444",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "97"
+ },
+ "dns": {
+ "dns.response_to": "6175",
+ "dns.time": "0.026030000",
+ "dns.id": "0x00000491",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "8813",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "987",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3296",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6016",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6518",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2701",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.190"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3609",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7358",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3156",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.166"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5219",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3992",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:21.624384000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463201.624384000",
+ "frame.time_delta": "0.266457000",
+ "frame.time_delta_displayed": "629.851452000",
+ "frame.time_relative": "5489.219180000",
+ "frame.number": "6744",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bf31",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f988",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "37292",
+ "udp.dstport": "53",
+ "udp.port": "37292",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00002eff",
+ "udp.checksum.status": "2",
+ "udp.stream": "102"
+ },
+ "dns": {
+ "dns.response_in": "6745",
+ "dns.id": "0x00000492",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:21.626468000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463201.626468000",
+ "frame.time_delta": "0.002084000",
+ "frame.time_delta_displayed": "0.002084000",
+ "frame.time_relative": "5489.221264000",
+ "frame.number": "6745",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00003f71",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000790f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "37292",
+ "udp.port": "53",
+ "udp.port": "37292",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "102"
+ },
+ "dns": {
+ "dns.response_to": "6744",
+ "dns.time": "0.002084000",
+ "dns.id": "0x00000492",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:21.627301000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463201.627301000",
+ "frame.time_delta": "0.000833000",
+ "frame.time_delta_displayed": "0.000833000",
+ "frame.time_relative": "5489.222097000",
+ "frame.number": "6746",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bf32",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f987",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "54874",
+ "udp.dstport": "53",
+ "udp.port": "54874",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00000550",
+ "udp.checksum.status": "2",
+ "udp.stream": "103"
+ },
+ "dns": {
+ "dns.response_in": "6747",
+ "dns.id": "0x00000493",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:21.628812000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463201.628812000",
+ "frame.time_delta": "0.001511000",
+ "frame.time_delta_displayed": "0.001511000",
+ "frame.time_relative": "5489.223608000",
+ "frame.number": "6747",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x00003f72",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000787a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "54874",
+ "udp.port": "53",
+ "udp.port": "54874",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "103"
+ },
+ "dns": {
+ "dns.response_to": "6746",
+ "dns.time": "0.001511000",
+ "dns.id": "0x00000493",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2985",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "10",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "171575",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "171575",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "171575",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1386",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "61552",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "61552",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:22.044352000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463202.044352000",
+ "frame.time_delta": "0.001668000",
+ "frame.time_delta_displayed": "0.415540000",
+ "frame.time_relative": "5489.639148000",
+ "frame.number": "6763",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bf41",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f978",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "55176",
+ "udp.dstport": "53",
+ "udp.port": "55176",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000e920",
+ "udp.checksum.status": "2",
+ "udp.stream": "104"
+ },
+ "dns": {
+ "dns.response_in": "6764",
+ "dns.id": "0x00000494",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:22.044953000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463202.044953000",
+ "frame.time_delta": "0.000601000",
+ "frame.time_delta_displayed": "0.000601000",
+ "frame.time_relative": "5489.639749000",
+ "frame.number": "6764",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00003f96",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007924",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "55176",
+ "udp.port": "53",
+ "udp.port": "55176",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "104"
+ },
+ "dns": {
+ "dns.response_to": "6763",
+ "dns.time": "0.000601000",
+ "dns.id": "0x00000494",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:22.045769000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463202.045769000",
+ "frame.time_delta": "0.000816000",
+ "frame.time_delta_displayed": "0.000816000",
+ "frame.time_relative": "5489.640565000",
+ "frame.number": "6765",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bf42",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f977",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "60660",
+ "udp.dstport": "53",
+ "udp.port": "60660",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000eeb3",
+ "udp.checksum.status": "2",
+ "udp.stream": "105"
+ },
+ "dns": {
+ "dns.response_in": "6766",
+ "dns.id": "0x00000495",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:33:22.046379000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463202.046379000",
+ "frame.time_delta": "0.000610000",
+ "frame.time_delta_displayed": "0.000610000",
+ "frame.time_relative": "5489.641175000",
+ "frame.number": "6766",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00003f97",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007913",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "60660",
+ "udp.port": "53",
+ "udp.port": "60660",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "105"
+ },
+ "dns": {
+ "dns.response_to": "6765",
+ "dns.time": "0.000610000",
+ "dns.id": "0x00000495",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2984",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:37:51.778249000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463471.778249000",
+ "frame.time_delta": "3.324074000",
+ "frame.time_delta_displayed": "269.731870000",
+ "frame.time_relative": "5759.373045000",
+ "frame.number": "7048",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00001dd7",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00009ae6",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "36809",
+ "udp.dstport": "53",
+ "udp.port": "36809",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000c958",
+ "udp.checksum.status": "2",
+ "udp.stream": "113"
+ },
+ "dns": {
+ "dns.response_in": "7049",
+ "dns.id": "0x00000496",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:37:51.799436000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508463471.799436000",
+ "frame.time_delta": "0.021187000",
+ "frame.time_delta_displayed": "0.021187000",
+ "frame.time_relative": "5759.394232000",
+ "frame.number": "7049",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000431d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000073eb",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "36809",
+ "udp.port": "53",
+ "udp.port": "36809",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "113"
+ },
+ "dns": {
+ "dns.response_to": "7048",
+ "dns.time": "0.021187000",
+ "dns.id": "0x00000496",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7913",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "87",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2396",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5116",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5618",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1801",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.190"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2709",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6458",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2256",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.166"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4319",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3092",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:52:51.807701000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508464371.807701000",
+ "frame.time_delta": "0.379478000",
+ "frame.time_delta_displayed": "900.008265000",
+ "frame.time_relative": "6659.402497000",
+ "frame.number": "7913",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00009e02",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001abb",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "47598",
+ "udp.dstport": "53",
+ "udp.port": "47598",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00009f32",
+ "udp.checksum.status": "2",
+ "udp.stream": "123"
+ },
+ "dns": {
+ "dns.response_in": "7914",
+ "dns.id": "0x00000497",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 18:52:51.814443000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508464371.814443000",
+ "frame.time_delta": "0.006742000",
+ "frame.time_delta_displayed": "0.006742000",
+ "frame.time_relative": "6659.409239000",
+ "frame.number": "7914",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x0000e205",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000d530",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "47598",
+ "udp.port": "53",
+ "udp.port": "47598",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "123"
+ },
+ "dns": {
+ "dns.response_to": "7913",
+ "dns.time": "0.006742000",
+ "dns.id": "0x00000497",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "8611",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.113"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "275",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3797",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "338",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.240"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3114",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3177",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5586",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "141",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3720",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.234"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3824",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:07:51.823654000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508465271.823654000",
+ "frame.time_delta": "3.748666000",
+ "frame.time_delta_displayed": "900.009211000",
+ "frame.time_relative": "7559.418450000",
+ "frame.number": "8671",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000e910",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000cfac",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33804",
+ "udp.dstport": "53",
+ "udp.port": "33804",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d513",
+ "udp.checksum.status": "2",
+ "udp.stream": "132"
+ },
+ "dns": {
+ "dns.response_in": "8672",
+ "dns.id": "0x00000498",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:07:51.884431000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508465271.884431000",
+ "frame.time_delta": "0.060777000",
+ "frame.time_delta_displayed": "0.060777000",
+ "frame.time_relative": "7559.479227000",
+ "frame.number": "8672",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004cdb",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006a2d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33804",
+ "udp.port": "53",
+ "udp.port": "33804",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "132"
+ },
+ "dns": {
+ "dns.response_to": "8671",
+ "dns.time": "0.060777000",
+ "dns.id": "0x00000498",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6113",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.73"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.2"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2288",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "596",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3316",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3818",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.190"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "909",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.244"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4658",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "456",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.166"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2519",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1292",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:22:51.895282000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466171.895282000",
+ "frame.time_delta": "7.109343000",
+ "frame.time_delta_displayed": "900.010851000",
+ "frame.time_relative": "8459.490078000",
+ "frame.number": "9475",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000ffbc",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b900",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33283",
+ "udp.dstport": "53",
+ "udp.port": "33283",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d71b",
+ "udp.checksum.status": "2",
+ "udp.stream": "144"
+ },
+ "dns": {
+ "dns.response_in": "9476",
+ "dns.id": "0x00000499",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:22:51.906565000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466171.906565000",
+ "frame.time_delta": "0.011283000",
+ "frame.time_delta_displayed": "0.011283000",
+ "frame.time_relative": "8459.501361000",
+ "frame.number": "9476",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000a915",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000df3",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33283",
+ "udp.port": "53",
+ "udp.port": "33283",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "144"
+ },
+ "dns": {
+ "dns.response_to": "9475",
+ "dns.time": "0.011283000",
+ "dns.id": "0x00000499",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6811",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2475",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1997",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6539",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1314",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1377",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3786",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6342",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.37"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1920",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.234"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2024",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4475",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.239450000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.239450000",
+ "frame.time_delta": "4.788057000",
+ "frame.time_delta_displayed": "630.332885000",
+ "frame.time_relative": "9089.834246000",
+ "frame.number": "10050",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000751c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000439e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "51418",
+ "udp.dstport": "53",
+ "udp.port": "51418",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f7c8",
+ "udp.checksum.status": "2",
+ "udp.stream": "151"
+ },
+ "dns": {
+ "dns.response_in": "10051",
+ "dns.id": "0x0000049a",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.241425000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.241425000",
+ "frame.time_delta": "0.001975000",
+ "frame.time_delta_displayed": "0.001975000",
+ "frame.time_relative": "9089.836221000",
+ "frame.number": "10051",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x000030bf",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000087c1",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "51418",
+ "udp.port": "53",
+ "udp.port": "51418",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "151"
+ },
+ "dns": {
+ "dns.response_to": "10050",
+ "dns.time": "0.001975000",
+ "dns.id": "0x0000049a",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.242432000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.242432000",
+ "frame.time_delta": "0.001007000",
+ "frame.time_delta_displayed": "0.001007000",
+ "frame.time_relative": "9089.837228000",
+ "frame.number": "10052",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000751d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000439d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "60729",
+ "udp.dstport": "53",
+ "udp.port": "60729",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000ee68",
+ "udp.checksum.status": "2",
+ "udp.stream": "152"
+ },
+ "dns": {
+ "dns.response_in": "10053",
+ "dns.id": "0x0000049b",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.244090000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.244090000",
+ "frame.time_delta": "0.001658000",
+ "frame.time_delta_displayed": "0.001658000",
+ "frame.time_relative": "9089.838886000",
+ "frame.number": "10053",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x000030c0",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000872c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "60729",
+ "udp.port": "53",
+ "udp.port": "60729",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "152"
+ },
+ "dns": {
+ "dns.response_to": "10052",
+ "dns.time": "0.001658000",
+ "dns.id": "0x0000049b",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "10",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "147808",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "172526",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "172526",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "151427",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144000",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144000",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.660387000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.660387000",
+ "frame.time_delta": "0.001051000",
+ "frame.time_delta_displayed": "0.416297000",
+ "frame.time_relative": "9090.255183000",
+ "frame.number": "10069",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007547",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004373",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "46220",
+ "udp.dstport": "53",
+ "udp.port": "46220",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00000c15",
+ "udp.checksum.status": "2",
+ "udp.stream": "153"
+ },
+ "dns": {
+ "dns.response_in": "10070",
+ "dns.id": "0x0000049c",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.660954000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.660954000",
+ "frame.time_delta": "0.000567000",
+ "frame.time_delta_displayed": "0.000567000",
+ "frame.time_relative": "9090.255750000",
+ "frame.number": "10070",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000030d6",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000087e4",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "46220",
+ "udp.port": "53",
+ "udp.port": "46220",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "153"
+ },
+ "dns": {
+ "dns.response_to": "10069",
+ "dns.time": "0.000567000",
+ "dns.id": "0x0000049c",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.661749000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.661749000",
+ "frame.time_delta": "0.000795000",
+ "frame.time_delta_displayed": "0.000795000",
+ "frame.time_relative": "9090.256545000",
+ "frame.number": "10071",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007548",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004372",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "51255",
+ "udp.dstport": "53",
+ "udp.port": "51255",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00001369",
+ "udp.checksum.status": "2",
+ "udp.stream": "154"
+ },
+ "dns": {
+ "dns.response_in": "10072",
+ "dns.id": "0x0000049d",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:33:22.662301000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508466802.662301000",
+ "frame.time_delta": "0.000552000",
+ "frame.time_delta_displayed": "0.000552000",
+ "frame.time_relative": "9090.257097000",
+ "frame.number": "10072",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x000030d7",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000087d3",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "51255",
+ "udp.port": "53",
+ "udp.port": "51255",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "154"
+ },
+ "dns": {
+ "dns.response_to": "10071",
+ "dns.time": "0.000552000",
+ "dns.id": "0x0000049d",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:37:51.914199000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508467071.914199000",
+ "frame.time_delta": "0.065381000",
+ "frame.time_delta_displayed": "269.251898000",
+ "frame.time_relative": "9359.508995000",
+ "frame.number": "10287",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x000089fd",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002ec0",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "41837",
+ "udp.dstport": "53",
+ "udp.port": "41837",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000b5ac",
+ "udp.checksum.status": "2",
+ "udp.stream": "155"
+ },
+ "dns": {
+ "dns.response_in": "10288",
+ "dns.id": "0x0000049e",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:37:51.978100000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508467071.978100000",
+ "frame.time_delta": "0.063901000",
+ "frame.time_delta_displayed": "0.063901000",
+ "frame.time_relative": "9359.572896000",
+ "frame.number": "10288",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00008e7d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000288b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "41837",
+ "udp.port": "53",
+ "udp.port": "41837",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "155"
+ },
+ "dns": {
+ "dns.response_to": "10287",
+ "dns.time": "0.063901000",
+ "dns.id": "0x0000049e",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "117",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4313",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "488",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1516",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2018",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2202",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.33"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5110",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2858",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2660",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "719",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5496",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:52:51.985173000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508467971.985173000",
+ "frame.time_delta": "0.373714000",
+ "frame.time_delta_displayed": "900.007073000",
+ "frame.time_relative": "10259.579969000",
+ "frame.number": "11065",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000b24b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000672",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33682",
+ "udp.dstport": "53",
+ "udp.port": "33682",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d586",
+ "udp.checksum.status": "2",
+ "udp.stream": "163"
+ },
+ "dns": {
+ "dns.response_in": "11066",
+ "dns.id": "0x0000049f",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 19:52:52.048951000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508467972.048951000",
+ "frame.time_delta": "0.063778000",
+ "frame.time_delta_displayed": "0.063778000",
+ "frame.time_relative": "10259.643747000",
+ "frame.number": "11066",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00008dbf",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002949",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33682",
+ "udp.port": "53",
+ "udp.port": "33682",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "163"
+ },
+ "dns": {
+ "dns.response_to": "11065",
+ "dns.time": "0.063778000",
+ "dns.id": "0x0000049f",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "117",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3413",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.73"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.2"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3589",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1898",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "615",
+ "dns.resp.len": "4",
+ "dns.a": "184.51.200.159"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1117",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 204.1.137.33": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1301",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.33"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4209",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1957",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1759",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5819",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.237"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4595",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:07:52.060309000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508468872.060309000",
+ "frame.time_delta": "0.486449000",
+ "frame.time_delta_displayed": "900.011358000",
+ "frame.time_relative": "11159.655105000",
+ "frame.number": "11855",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000fdee",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bace",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49312",
+ "udp.dstport": "53",
+ "udp.port": "49312",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00009877",
+ "udp.checksum.status": "2",
+ "udp.stream": "171"
+ },
+ "dns": {
+ "dns.response_in": "11856",
+ "dns.id": "0x000004a0",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:07:52.067203000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508468872.067203000",
+ "frame.time_delta": "0.006894000",
+ "frame.time_delta_displayed": "0.006894000",
+ "frame.time_relative": "11159.661999000",
+ "frame.number": "11856",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x0000b190",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000005a6",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49312",
+ "udp.port": "53",
+ "udp.port": "49312",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "171"
+ },
+ "dns": {
+ "dns.response_to": "11855",
+ "dns.time": "0.006894000",
+ "dns.id": "0x000004a0",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "141",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4110",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "774",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3838",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6614",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2677",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1085",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3641",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.37"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5325",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.37"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:22:52.076126000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508469772.076126000",
+ "frame.time_delta": "0.590869000",
+ "frame.time_delta_displayed": "900.008923000",
+ "frame.time_relative": "12059.670922000",
+ "frame.number": "12657",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000a2db",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000015e2",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53703",
+ "udp.dstport": "53",
+ "udp.port": "53703",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000874f",
+ "udp.checksum.status": "2",
+ "udp.stream": "177"
+ },
+ "dns": {
+ "dns.response_in": "12658",
+ "dns.id": "0x000004a1",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:22:52.112051000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508469772.112051000",
+ "frame.time_delta": "0.035925000",
+ "frame.time_delta_displayed": "0.035925000",
+ "frame.time_relative": "12059.706847000",
+ "frame.number": "12658",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000ccc6",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000ea41",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "53703",
+ "udp.port": "53",
+ "udp.port": "53703",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "177"
+ },
+ "dns": {
+ "dns.response_to": "12657",
+ "dns.time": "0.035925000",
+ "dns.id": "0x000004a1",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1612",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.2"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.73"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1789",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "98",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6816",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7318",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3503",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.200"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2409",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "157",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.89"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3960",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.205"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4019",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.237"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2795",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:22.842206000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470402.842206000",
+ "frame.time_delta": "0.384116000",
+ "frame.time_delta_displayed": "630.730155000",
+ "frame.time_relative": "12690.437002000",
+ "frame.number": "13303",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000dd6f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000db4a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44754",
+ "udp.dstport": "53",
+ "udp.port": "44754",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x000011c9",
+ "udp.checksum.status": "2",
+ "udp.stream": "184"
+ },
+ "dns": {
+ "dns.response_in": "13304",
+ "dns.id": "0x000004a2",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:22.844183000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470402.844183000",
+ "frame.time_delta": "0.001977000",
+ "frame.time_delta_displayed": "0.001977000",
+ "frame.time_relative": "12690.438979000",
+ "frame.number": "13304",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00000246",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b63a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44754",
+ "udp.port": "53",
+ "udp.port": "44754",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "184"
+ },
+ "dns": {
+ "dns.response_to": "13303",
+ "dns.time": "0.001977000",
+ "dns.id": "0x000004a2",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3219",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:22.846468000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470402.846468000",
+ "frame.time_delta": "0.002285000",
+ "frame.time_delta_displayed": "0.002285000",
+ "frame.time_relative": "12690.441264000",
+ "frame.number": "13305",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000dd70",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000db49",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "35982",
+ "udp.dstport": "53",
+ "udp.port": "35982",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00004f0c",
+ "udp.checksum.status": "2",
+ "udp.stream": "185"
+ },
+ "dns": {
+ "dns.response_in": "13306",
+ "dns.id": "0x000004a3",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:22.848081000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470402.848081000",
+ "frame.time_delta": "0.001613000",
+ "frame.time_delta_displayed": "0.001613000",
+ "frame.time_relative": "12690.442877000",
+ "frame.number": "13306",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x00000247",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b5a5",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "35982",
+ "udp.port": "53",
+ "udp.port": "35982",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "185"
+ },
+ "dns": {
+ "dns.response_to": "13305",
+ "dns.time": "0.001613000",
+ "dns.id": "0x000004a3",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3161",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "645",
+ "dns.resp.len": "10",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "645",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "645",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "856",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "164374",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "164374",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2117",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "54351",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "54351",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:23.264573000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470403.264573000",
+ "frame.time_delta": "0.001337000",
+ "frame.time_delta_displayed": "0.416492000",
+ "frame.time_relative": "12690.859369000",
+ "frame.number": "13322",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000dd71",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000db48",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "56095",
+ "udp.dstport": "53",
+ "udp.port": "56095",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000e579",
+ "udp.checksum.status": "2",
+ "udp.stream": "186"
+ },
+ "dns": {
+ "dns.response_in": "13323",
+ "dns.id": "0x000004a4",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:23.265148000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470403.265148000",
+ "frame.time_delta": "0.000575000",
+ "frame.time_delta_displayed": "0.000575000",
+ "frame.time_relative": "12690.859944000",
+ "frame.number": "13323",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000026e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b64c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "56095",
+ "udp.port": "53",
+ "udp.port": "56095",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "186"
+ },
+ "dns": {
+ "dns.response_to": "13322",
+ "dns.time": "0.000575000",
+ "dns.id": "0x000004a4",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:23.266041000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470403.266041000",
+ "frame.time_delta": "0.000893000",
+ "frame.time_delta_displayed": "0.000893000",
+ "frame.time_relative": "12690.860837000",
+ "frame.number": "13324",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000dd72",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000db47",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "41786",
+ "udp.dstport": "53",
+ "udp.port": "41786",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000385e",
+ "udp.checksum.status": "2",
+ "udp.stream": "187"
+ },
+ "dns": {
+ "dns.response_in": "13325",
+ "dns.id": "0x000004a5",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:33:23.266579000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470403.266579000",
+ "frame.time_delta": "0.000538000",
+ "frame.time_delta_displayed": "0.000538000",
+ "frame.time_relative": "12690.861375000",
+ "frame.number": "13325",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x0000026f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b63b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "41786",
+ "udp.port": "53",
+ "udp.port": "41786",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "187"
+ },
+ "dns": {
+ "dns.response_to": "13324",
+ "dns.time": "0.000538000",
+ "dns.id": "0x000004a5",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3160",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:37:52.120059000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470672.120059000",
+ "frame.time_delta": "0.625668000",
+ "frame.time_delta_displayed": "268.853480000",
+ "frame.time_relative": "12959.714855000",
+ "frame.number": "13582",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00002649",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00009274",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "54738",
+ "udp.dstport": "53",
+ "udp.port": "54738",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000833f",
+ "udp.checksum.status": "2",
+ "udp.stream": "188"
+ },
+ "dns": {
+ "dns.response_in": "13583",
+ "dns.id": "0x000004a6",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:37:52.140960000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508470672.140960000",
+ "frame.time_delta": "0.020901000",
+ "frame.time_delta_displayed": "0.020901000",
+ "frame.time_relative": "12959.735756000",
+ "frame.number": "13583",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004310",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000073f8",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "54738",
+ "udp.port": "53",
+ "udp.port": "54738",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "188"
+ },
+ "dns": {
+ "dns.response_to": "13582",
+ "dns.time": "0.020901000",
+ "dns.id": "0x000004a6",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "116",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "712",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "889",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3199",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5916",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6418",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2603",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.200"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1509",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7258",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.206"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3060",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.205"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3119",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.237"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1895",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:52:52.147811000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508471572.147811000",
+ "frame.time_delta": "0.719415000",
+ "frame.time_delta_displayed": "900.006851000",
+ "frame.time_relative": "13859.742607000",
+ "frame.number": "14361",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000e5bd",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000d2ff",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "55123",
+ "udp.dstport": "53",
+ "udp.port": "55123",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000081bd",
+ "udp.checksum.status": "2",
+ "udp.stream": "197"
+ },
+ "dns": {
+ "dns.response_in": "14362",
+ "dns.id": "0x000004a7",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 20:52:52.212985000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508471572.212985000",
+ "frame.time_delta": "0.065174000",
+ "frame.time_delta_displayed": "0.065174000",
+ "frame.time_relative": "13859.807781000",
+ "frame.number": "14362",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x00004fa4",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006792",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "55123",
+ "udp.port": "53",
+ "udp.port": "55123",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "197"
+ },
+ "dns": {
+ "dns.response_to": "14361",
+ "dns.time": "0.065174000",
+ "dns.id": "0x000004a7",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "117",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "21417",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "989",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2299",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5016",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5518",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1703",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.200"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "609",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.230"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6358",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.206"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2160",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.205"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2219",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.237"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:07:52.219360000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508472472.219360000",
+ "frame.time_delta": "0.606095000",
+ "frame.time_delta_displayed": "900.006375000",
+ "frame.time_relative": "14759.814156000",
+ "frame.number": "15111",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000c5af",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f30d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44889",
+ "udp.dstport": "53",
+ "udp.port": "44889",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a9b6",
+ "udp.checksum.status": "2",
+ "udp.stream": "205"
+ },
+ "dns": {
+ "dns.response_in": "15112",
+ "dns.id": "0x000004a8",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:07:52.306389000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508472472.306389000",
+ "frame.time_delta": "0.087029000",
+ "frame.time_delta_displayed": "0.087029000",
+ "frame.time_relative": "14759.901185000",
+ "frame.number": "15112",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000a365",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000013a3",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44889",
+ "udp.port": "53",
+ "udp.port": "44889",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "205"
+ },
+ "dns": {
+ "dns.response_to": "15111",
+ "dns.time": "0.087029000",
+ "dns.id": "0x000004a8",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "300",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "510",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1174",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3699",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "238",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3014",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3078",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3486",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "41",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.37"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3621",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1725",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.37"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4177",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:22:52.395472000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508473372.395472000",
+ "frame.time_delta": "3.711619000",
+ "frame.time_delta_displayed": "900.089083000",
+ "frame.time_relative": "15659.990268000",
+ "frame.number": "15884",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x000043a6",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007517",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53892",
+ "udp.dstport": "53",
+ "udp.port": "53892",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000868a",
+ "udp.checksum.status": "2",
+ "udp.stream": "212"
+ },
+ "dns": {
+ "dns.response_in": "15885",
+ "dns.id": "0x000004a9",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:22:52.423942000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508473372.423942000",
+ "frame.time_delta": "0.028470000",
+ "frame.time_delta_displayed": "0.028470000",
+ "frame.time_relative": "15660.018738000",
+ "frame.number": "15885",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000f1a1",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c566",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "53892",
+ "udp.port": "53",
+ "udp.port": "53892",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "212"
+ },
+ "dns": {
+ "dns.response_to": "15884",
+ "dns.time": "0.028470000",
+ "dns.id": "0x000004a9",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "21258",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.2"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.73"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "274",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7339",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2114",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2178",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2586",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7142",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2721",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "825",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.37"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3277",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.396307000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.396307000",
+ "frame.time_delta": "4.678140000",
+ "frame.time_delta_displayed": "630.972365000",
+ "frame.time_relative": "16290.991103000",
+ "frame.number": "16442",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000096a0",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000221a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "37663",
+ "udp.dstport": "53",
+ "udp.port": "37663",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00002d74",
+ "udp.checksum.status": "2",
+ "udp.stream": "215"
+ },
+ "dns": {
+ "dns.response_in": "16443",
+ "dns.id": "0x000004aa",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.398249000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.398249000",
+ "frame.time_delta": "0.001942000",
+ "frame.time_delta_displayed": "0.001942000",
+ "frame.time_relative": "16290.993045000",
+ "frame.number": "16443",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00008616",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000326a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "37663",
+ "udp.port": "53",
+ "udp.port": "37663",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "215"
+ },
+ "dns": {
+ "dns.response_to": "16442",
+ "dns.time": "0.001942000",
+ "dns.id": "0x000004aa",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.399079000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.399079000",
+ "frame.time_delta": "0.000830000",
+ "frame.time_delta_displayed": "0.000830000",
+ "frame.time_relative": "16290.993875000",
+ "frame.number": "16444",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000096a1",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002219",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33353",
+ "udp.dstport": "53",
+ "udp.port": "33353",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00005949",
+ "udp.checksum.status": "2",
+ "udp.stream": "216"
+ },
+ "dns": {
+ "dns.response_in": "16445",
+ "dns.id": "0x000004ab",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.400649000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.400649000",
+ "frame.time_delta": "0.001570000",
+ "frame.time_delta_displayed": "0.001570000",
+ "frame.time_relative": "16290.995445000",
+ "frame.number": "16445",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x00008617",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000031d5",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33353",
+ "udp.port": "53",
+ "udp.port": "33353",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "216"
+ },
+ "dns": {
+ "dns.response_to": "16444",
+ "dns.time": "0.001570000",
+ "dns.id": "0x000004ab",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "10",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "140607",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "165325",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "165325",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144226",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "136799",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "136799",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.818793000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.818793000",
+ "frame.time_delta": "0.002460000",
+ "frame.time_delta_displayed": "0.418144000",
+ "frame.time_relative": "16291.413589000",
+ "frame.number": "16461",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000096bd",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000021fd",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "52555",
+ "udp.dstport": "53",
+ "udp.port": "52555",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f345",
+ "udp.checksum.status": "2",
+ "udp.stream": "217"
+ },
+ "dns": {
+ "dns.response_in": "16462",
+ "dns.id": "0x000004ac",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.819379000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.819379000",
+ "frame.time_delta": "0.000586000",
+ "frame.time_delta_displayed": "0.000586000",
+ "frame.time_relative": "16291.414175000",
+ "frame.number": "16462",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000861c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000329e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "52555",
+ "udp.port": "53",
+ "udp.port": "52555",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "217"
+ },
+ "dns": {
+ "dns.response_to": "16461",
+ "dns.time": "0.000586000",
+ "dns.id": "0x000004ac",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.820220000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.820220000",
+ "frame.time_delta": "0.000841000",
+ "frame.time_delta_displayed": "0.000841000",
+ "frame.time_relative": "16291.415016000",
+ "frame.number": "16463",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000096be",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000021fc",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "58656",
+ "udp.dstport": "53",
+ "udp.port": "58656",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f66f",
+ "udp.checksum.status": "2",
+ "udp.stream": "218"
+ },
+ "dns": {
+ "dns.response_in": "16464",
+ "dns.id": "0x000004ad",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:33:23.820779000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474003.820779000",
+ "frame.time_delta": "0.000559000",
+ "frame.time_delta_displayed": "0.000559000",
+ "frame.time_relative": "16291.415575000",
+ "frame.number": "16464",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x0000861d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000328d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "58656",
+ "udp.port": "53",
+ "udp.port": "58656",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "218"
+ },
+ "dns": {
+ "dns.response_to": "16463",
+ "dns.time": "0.000559000",
+ "dns.id": "0x000004ad",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:37:52.430247000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474272.430247000",
+ "frame.time_delta": "3.692969000",
+ "frame.time_delta_displayed": "268.609468000",
+ "frame.time_relative": "16560.025043000",
+ "frame.number": "16697",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000e609",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000d2b3",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "47128",
+ "udp.dstport": "53",
+ "udp.port": "47128",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a0f1",
+ "udp.checksum.status": "2",
+ "udp.stream": "221"
+ },
+ "dns": {
+ "dns.response_in": "16698",
+ "dns.id": "0x000004ae",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:37:52.445842000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508474272.445842000",
+ "frame.time_delta": "0.015595000",
+ "frame.time_delta_displayed": "0.015595000",
+ "frame.time_relative": "16560.040638000",
+ "frame.number": "16698",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000be56",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f8b1",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "47128",
+ "udp.port": "53",
+ "udp.port": "47128",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "221"
+ },
+ "dns": {
+ "dns.response_to": "16697",
+ "dns.time": "0.015595000",
+ "dns.id": "0x000004ae",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20358",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3374",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1899",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6439",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1214",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1278",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1686",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6242",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1821",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5927",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.205"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2377",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:52:52.450308000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508475172.450308000",
+ "frame.time_delta": "6.313074000",
+ "frame.time_delta_displayed": "900.004466000",
+ "frame.time_relative": "17460.045104000",
+ "frame.number": "17472",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00002b9d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008d20",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "58502",
+ "udp.dstport": "53",
+ "udp.port": "58502",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00007482",
+ "udp.checksum.status": "2",
+ "udp.stream": "229"
+ },
+ "dns": {
+ "dns.response_in": "17473",
+ "dns.id": "0x000004af",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 21:52:52.456608000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508475172.456608000",
+ "frame.time_delta": "0.006300000",
+ "frame.time_delta_displayed": "0.006300000",
+ "frame.time_relative": "17460.051404000",
+ "frame.number": "17473",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x000011ad",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000a55b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "58502",
+ "udp.port": "53",
+ "udp.port": "58502",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "229"
+ },
+ "dns": {
+ "dns.response_to": "17472",
+ "dns.time": "0.006300000",
+ "dns.id": "0x000004af",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "19458",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2474",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "999",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5539",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "314",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "378",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.229"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "786",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5342",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "921",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5027",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.205"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1477",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:07:52.464775000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508476072.464775000",
+ "frame.time_delta": "4.206559000",
+ "frame.time_delta_displayed": "900.008167000",
+ "frame.time_relative": "18360.059571000",
+ "frame.number": "18263",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00005c8a",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005c33",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "58930",
+ "udp.dstport": "53",
+ "udp.port": "58930",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000072d5",
+ "udp.checksum.status": "2",
+ "udp.stream": "235"
+ },
+ "dns": {
+ "dns.response_in": "18264",
+ "dns.id": "0x000004b0",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:07:52.473763000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508476072.473763000",
+ "frame.time_delta": "0.008988000",
+ "frame.time_delta_displayed": "0.008988000",
+ "frame.time_relative": "18360.068559000",
+ "frame.number": "18264",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x000052f7",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006411",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "58930",
+ "udp.port": "53",
+ "udp.port": "58930",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "235"
+ },
+ "dns": {
+ "dns.response_to": "18263",
+ "dns.time": "0.008988000",
+ "dns.id": "0x000004b0",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "18558",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1574",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "99",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4639",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7415",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.129": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3479",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.129"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5887",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4442",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "21",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.95"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4127",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.205"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "577",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:22:52.482011000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508476972.482011000",
+ "frame.time_delta": "2.079982000",
+ "frame.time_delta_displayed": "900.008248000",
+ "frame.time_relative": "19260.076807000",
+ "frame.number": "19082",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00007f92",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000392b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "48250",
+ "udp.dstport": "53",
+ "udp.port": "48250",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00009c8c",
+ "udp.checksum.status": "2",
+ "udp.stream": "242"
+ },
+ "dns": {
+ "dns.response_in": "19083",
+ "dns.id": "0x000004b1",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:22:52.488375000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508476972.488375000",
+ "frame.time_delta": "0.006364000",
+ "frame.time_delta_displayed": "0.006364000",
+ "frame.time_relative": "19260.083171000",
+ "frame.number": "19083",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x000024f5",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00009213",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "48250",
+ "udp.port": "53",
+ "udp.port": "48250",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "242"
+ },
+ "dns": {
+ "dns.response_to": "19082",
+ "dns.time": "0.006364000",
+ "dns.id": "0x000004b1",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "17658",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "674",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3200",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3739",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6515",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.129": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2579",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.129"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4987",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3542",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.203"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3122",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3227",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.205"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5678",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:21.968209000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477601.968209000",
+ "frame.time_delta": "2.368838000",
+ "frame.time_delta_displayed": "629.479834000",
+ "frame.time_relative": "19889.563005000",
+ "frame.number": "19759",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000048a9",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007011",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "48476",
+ "udp.dstport": "53",
+ "udp.port": "48476",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000032f",
+ "udp.checksum.status": "2",
+ "udp.stream": "248"
+ },
+ "dns": {
+ "dns.response_in": "19760",
+ "dns.id": "0x000004b2",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:21.970113000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477601.970113000",
+ "frame.time_delta": "0.001904000",
+ "frame.time_delta_displayed": "0.001904000",
+ "frame.time_relative": "19889.564909000",
+ "frame.number": "19760",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00006934",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004f4c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "48476",
+ "udp.port": "53",
+ "udp.port": "48476",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "248"
+ },
+ "dns": {
+ "dns.response_to": "19759",
+ "dns.time": "0.001904000",
+ "dns.id": "0x000004b2",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:21.971590000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477601.971590000",
+ "frame.time_delta": "0.001477000",
+ "frame.time_delta_displayed": "0.001477000",
+ "frame.time_relative": "19889.566386000",
+ "frame.number": "19761",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000048aa",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007010",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "60103",
+ "udp.dstport": "53",
+ "udp.port": "60103",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f0c2",
+ "udp.checksum.status": "2",
+ "udp.stream": "249"
+ },
+ "dns": {
+ "dns.response_in": "19762",
+ "dns.id": "0x000004b3",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:21.973429000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477601.973429000",
+ "frame.time_delta": "0.001839000",
+ "frame.time_delta_displayed": "0.001839000",
+ "frame.time_relative": "19889.568225000",
+ "frame.number": "19762",
+ "frame.len": "269",
+ "frame.cap_len": "269",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "255",
+ "ip.id": "0x00006935",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004ec7",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "60103",
+ "udp.port": "53",
+ "udp.port": "60103",
+ "udp.length": "235",
+ "udp.checksum": "0x000082ee",
+ "udp.checksum.status": "2",
+ "udp.stream": "249"
+ },
+ "dns": {
+ "dns.response_to": "19761",
+ "dns.time": "0.001839000",
+ "dns.id": "0x000004b3",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "5",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "689",
+ "dns.resp.len": "10",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "689",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "689",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "157175",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "157175",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2218",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "47152",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "47152",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:22.393601000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477602.393601000",
+ "frame.time_delta": "0.000661000",
+ "frame.time_delta_displayed": "0.420172000",
+ "frame.time_relative": "19889.988397000",
+ "frame.number": "19778",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000048c9",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006ff1",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "58716",
+ "udp.dstport": "53",
+ "udp.port": "58716",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000db2c",
+ "udp.checksum.status": "2",
+ "udp.stream": "250"
+ },
+ "dns": {
+ "dns.response_in": "19779",
+ "dns.id": "0x000004b4",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:22.394208000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477602.394208000",
+ "frame.time_delta": "0.000607000",
+ "frame.time_delta_displayed": "0.000607000",
+ "frame.time_relative": "19889.989004000",
+ "frame.number": "19779",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00006951",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004f69",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "58716",
+ "udp.port": "53",
+ "udp.port": "58716",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "250"
+ },
+ "dns": {
+ "dns.response_to": "19778",
+ "dns.time": "0.000607000",
+ "dns.id": "0x000004b4",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:22.395034000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477602.395034000",
+ "frame.time_delta": "0.000826000",
+ "frame.time_delta_displayed": "0.000826000",
+ "frame.time_relative": "19889.989830000",
+ "frame.number": "19780",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000048ca",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006ff0",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "58570",
+ "udp.dstport": "53",
+ "udp.port": "58570",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f6bd",
+ "udp.checksum.status": "2",
+ "udp.stream": "251"
+ },
+ "dns": {
+ "dns.response_in": "19781",
+ "dns.id": "0x000004b5",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:33:22.395453000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477602.395453000",
+ "frame.time_delta": "0.000419000",
+ "frame.time_delta_displayed": "0.000419000",
+ "frame.time_relative": "19889.990249000",
+ "frame.number": "19781",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00006952",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004f58",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "58570",
+ "udp.port": "53",
+ "udp.port": "58570",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "251"
+ },
+ "dns": {
+ "dns.response_to": "19780",
+ "dns.time": "0.000419000",
+ "dns.id": "0x000004b5",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3219",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:37:52.496004000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477872.496004000",
+ "frame.time_delta": "7.655864000",
+ "frame.time_delta_displayed": "270.100551000",
+ "frame.time_relative": "20160.090800000",
+ "frame.number": "20012",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00007136",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004787",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "57235",
+ "udp.dstport": "53",
+ "udp.port": "57235",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000796e",
+ "udp.checksum.status": "2",
+ "udp.stream": "252"
+ },
+ "dns": {
+ "dns.response_in": "20013",
+ "dns.id": "0x000004b6",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:37:52.557890000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508477872.557890000",
+ "frame.time_delta": "0.061886000",
+ "frame.time_delta_displayed": "0.061886000",
+ "frame.time_relative": "20160.152686000",
+ "frame.number": "20013",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x00007974",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003dc2",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "57235",
+ "udp.port": "53",
+ "udp.port": "57235",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "252"
+ },
+ "dns": {
+ "dns.response_to": "20012",
+ "dns.time": "0.061886000",
+ "dns.id": "0x000004b6",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "118",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "15117",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6717",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.215"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7220",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3405",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.92": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "311",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.92"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "58",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.206"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3867",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.69"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1920",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.204"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:52:52.564075000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508478772.564075000",
+ "frame.time_delta": "2.198143000",
+ "frame.time_delta_displayed": "900.006185000",
+ "frame.time_relative": "21060.158871000",
+ "frame.number": "20790",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000cae0",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000eddc",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "43240",
+ "udp.dstport": "53",
+ "udp.port": "43240",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000b018",
+ "udp.checksum.status": "2",
+ "udp.stream": "258"
+ },
+ "dns": {
+ "dns.response_in": "20791",
+ "dns.id": "0x000004b7",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 22:52:52.600980000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508478772.600980000",
+ "frame.time_delta": "0.036905000",
+ "frame.time_delta_displayed": "0.036905000",
+ "frame.time_relative": "21060.195776000",
+ "frame.number": "20791",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x00009731",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002005",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "43240",
+ "udp.port": "53",
+ "udp.port": "43240",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "258"
+ },
+ "dns": {
+ "dns.response_to": "20790",
+ "dns.time": "0.036905000",
+ "dns.id": "0x000004b7",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "118",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "14217",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3106",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5817",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.215"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6320",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2505",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5412",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.202"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7161",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2967",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.69"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1020",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.204"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:07:52.606357000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508479672.606357000",
+ "frame.time_delta": "1.385883000",
+ "frame.time_delta_displayed": "900.005377000",
+ "frame.time_relative": "21960.201153000",
+ "frame.number": "21562",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00004d98",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006b25",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53213",
+ "udp.dstport": "53",
+ "udp.port": "53213",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00008922",
+ "udp.checksum.status": "2",
+ "udp.stream": "264"
+ },
+ "dns": {
+ "dns.response_in": "21563",
+ "dns.id": "0x000004b8",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:07:52.617193000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508479672.617193000",
+ "frame.time_delta": "0.010836000",
+ "frame.time_delta_displayed": "0.010836000",
+ "frame.time_relative": "21960.211989000",
+ "frame.number": "21563",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000db65",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000dba2",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "53213",
+ "udp.port": "53",
+ "udp.port": "53213",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "264"
+ },
+ "dns": {
+ "dns.response_to": "21562",
+ "dns.time": "0.010836000",
+ "dns.id": "0x000004b8",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "118",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "13317",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3890",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2206",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4917",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.215"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5420",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1605",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4512",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.202"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6261",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2067",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.69"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "120",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.204"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5890",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:22:52.625699000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508480572.625699000",
+ "frame.time_delta": "4.403118000",
+ "frame.time_delta_displayed": "900.008506000",
+ "frame.time_relative": "22860.220495000",
+ "frame.number": "22346",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00005937",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005f86",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33001",
+ "udp.dstport": "53",
+ "udp.port": "33001",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d815",
+ "udp.checksum.status": "2",
+ "udp.stream": "268"
+ },
+ "dns": {
+ "dns.response_in": "22347",
+ "dns.id": "0x000004b9",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:22:52.650694000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508480572.650694000",
+ "frame.time_delta": "0.024995000",
+ "frame.time_delta_displayed": "0.024995000",
+ "frame.time_relative": "22860.245490000",
+ "frame.number": "22347",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000d12d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000e5da",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33001",
+ "udp.port": "53",
+ "udp.port": "33001",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "268"
+ },
+ "dns": {
+ "dns.response_to": "22346",
+ "dns.time": "0.024995000",
+ "dns.id": "0x000004b9",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "14058",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1074",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3601",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "139",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.208"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2915",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2980",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.239"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1387",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7943",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3523",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5628",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2078",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:22.664730000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481202.664730000",
+ "frame.time_delta": "2.566341000",
+ "frame.time_delta_displayed": "630.014036000",
+ "frame.time_relative": "23490.259526000",
+ "frame.number": "22859",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007d2e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003b8c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "58340",
+ "udp.dstport": "53",
+ "udp.port": "58340",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000dc9e",
+ "udp.checksum.status": "2",
+ "udp.stream": "271"
+ },
+ "dns": {
+ "dns.response_in": "22860",
+ "dns.id": "0x000004ba",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:22.666597000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481202.666597000",
+ "frame.time_delta": "0.001867000",
+ "frame.time_delta_displayed": "0.001867000",
+ "frame.time_relative": "23490.261393000",
+ "frame.number": "22860",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00008ce9",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002b97",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "58340",
+ "udp.port": "53",
+ "udp.port": "58340",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "271"
+ },
+ "dns": {
+ "dns.response_to": "22859",
+ "dns.time": "0.001867000",
+ "dns.id": "0x000004ba",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3219",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:22.667494000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481202.667494000",
+ "frame.time_delta": "0.000897000",
+ "frame.time_delta_displayed": "0.000897000",
+ "frame.time_relative": "23490.262290000",
+ "frame.number": "22861",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007d2f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003b8b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "52564",
+ "udp.dstport": "53",
+ "udp.port": "52564",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00000e2e",
+ "udp.checksum.status": "2",
+ "udp.stream": "272"
+ },
+ "dns": {
+ "dns.response_in": "22862",
+ "dns.id": "0x000004bb",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:22.669032000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481202.669032000",
+ "frame.time_delta": "0.001538000",
+ "frame.time_delta_displayed": "0.001538000",
+ "frame.time_relative": "23490.263828000",
+ "frame.number": "22862",
+ "frame.len": "269",
+ "frame.cap_len": "269",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "255",
+ "ip.id": "0x00008cea",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002b12",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "52564",
+ "udp.port": "53",
+ "udp.port": "52564",
+ "udp.length": "235",
+ "udp.checksum": "0x000082ee",
+ "udp.checksum.status": "2",
+ "udp.stream": "272"
+ },
+ "dns": {
+ "dns.response_to": "22861",
+ "dns.time": "0.001538000",
+ "dns.id": "0x000004bb",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "5",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "688",
+ "dns.resp.len": "10",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "688",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "688",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "153574",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "153574",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "171829",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "43551",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "43551",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:23.087037000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481203.087037000",
+ "frame.time_delta": "0.001271000",
+ "frame.time_delta_displayed": "0.418005000",
+ "frame.time_relative": "23490.681833000",
+ "frame.number": "22878",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007d4c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003b6e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "37188",
+ "udp.dstport": "53",
+ "udp.port": "37188",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00002f3d",
+ "udp.checksum.status": "2",
+ "udp.stream": "273"
+ },
+ "dns": {
+ "dns.response_in": "22879",
+ "dns.id": "0x000004bc",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:23.087591000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481203.087591000",
+ "frame.time_delta": "0.000554000",
+ "frame.time_delta_displayed": "0.000554000",
+ "frame.time_relative": "23490.682387000",
+ "frame.number": "22879",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00008d00",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002bba",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "37188",
+ "udp.port": "53",
+ "udp.port": "37188",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "273"
+ },
+ "dns": {
+ "dns.response_to": "22878",
+ "dns.time": "0.000554000",
+ "dns.id": "0x000004bc",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:23.088490000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481203.088490000",
+ "frame.time_delta": "0.000899000",
+ "frame.time_delta_displayed": "0.000899000",
+ "frame.time_relative": "23490.683286000",
+ "frame.number": "22880",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007d4d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003b6d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "57857",
+ "udp.dstport": "53",
+ "udp.port": "57857",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f97e",
+ "udp.checksum.status": "2",
+ "udp.stream": "274"
+ },
+ "dns": {
+ "dns.response_in": "22881",
+ "dns.id": "0x000004bd",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:33:23.089060000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481203.089060000",
+ "frame.time_delta": "0.000570000",
+ "frame.time_delta_displayed": "0.000570000",
+ "frame.time_relative": "23490.683856000",
+ "frame.number": "22881",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00008d01",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002ba9",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "57857",
+ "udp.port": "53",
+ "udp.port": "57857",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "274"
+ },
+ "dns": {
+ "dns.response_to": "22880",
+ "dns.time": "0.000570000",
+ "dns.id": "0x000004bd",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3219",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:37:52.675652000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481472.675652000",
+ "frame.time_delta": "1.044735000",
+ "frame.time_delta_displayed": "269.586592000",
+ "frame.time_relative": "23760.270448000",
+ "frame.number": "23158",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00009f5f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000195e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "41570",
+ "udp.dstport": "53",
+ "udp.port": "41570",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000b697",
+ "udp.checksum.status": "2",
+ "udp.stream": "280"
+ },
+ "dns": {
+ "dns.response_in": "23159",
+ "dns.id": "0x000004be",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:37:52.686467000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508481472.686467000",
+ "frame.time_delta": "0.010815000",
+ "frame.time_delta_displayed": "0.010815000",
+ "frame.time_relative": "23760.281263000",
+ "frame.number": "23159",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000db55",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000dbb2",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "41570",
+ "udp.port": "53",
+ "udp.port": "41570",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "280"
+ },
+ "dns": {
+ "dns.response_to": "23158",
+ "dns.time": "0.010815000",
+ "dns.id": "0x000004be",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "13158",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "174",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2701",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7242",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2015",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2080",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.239"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "487",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7043",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2623",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4728",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1178",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:52:52.690665000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508482372.690665000",
+ "frame.time_delta": "0.322371000",
+ "frame.time_delta_displayed": "900.004198000",
+ "frame.time_relative": "24660.285461000",
+ "frame.number": "23918",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00009671",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000224c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "42853",
+ "udp.dstport": "53",
+ "udp.port": "42853",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000b193",
+ "udp.checksum.status": "2",
+ "udp.stream": "284"
+ },
+ "dns": {
+ "dns.response_in": "23919",
+ "dns.id": "0x000004bf",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 19, 2017 23:52:52.711241000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508482372.711241000",
+ "frame.time_delta": "0.020576000",
+ "frame.time_delta_displayed": "0.020576000",
+ "frame.time_relative": "24660.306037000",
+ "frame.number": "23919",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00001d6b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000999d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "42853",
+ "udp.port": "53",
+ "udp.port": "42853",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "284"
+ },
+ "dns": {
+ "dns.response_to": "23918",
+ "dns.time": "0.020576000",
+ "dns.id": "0x000004bf",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "119",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "10617",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1190",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3509",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2217",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.215"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2720",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2912",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1812",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.202"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3561",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3369",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.246": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3423",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.246"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3190",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:07:52.715432000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508483272.715432000",
+ "frame.time_delta": "0.798629000",
+ "frame.time_delta_displayed": "900.004191000",
+ "frame.time_relative": "25560.310228000",
+ "frame.number": "24682",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000a08f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000182e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53913",
+ "udp.dstport": "53",
+ "udp.port": "53913",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000865e",
+ "udp.checksum.status": "2",
+ "udp.stream": "288"
+ },
+ "dns": {
+ "dns.response_in": "24683",
+ "dns.id": "0x000004c0",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:07:52.722880000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508483272.722880000",
+ "frame.time_delta": "0.007448000",
+ "frame.time_delta_displayed": "0.007448000",
+ "frame.time_relative": "25560.317676000",
+ "frame.number": "24683",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x000067fe",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004f38",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "53913",
+ "udp.port": "53",
+ "udp.port": "53913",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "288"
+ },
+ "dns": {
+ "dns.response_to": "24682",
+ "dns.time": "0.007448000",
+ "dns.id": "0x000004c0",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "11358",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "374",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "901",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5442",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "215",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "280",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.239"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4688",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5243",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "823",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2928",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:12:04.696340000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508483524.696340000",
+ "frame.time_delta": "0.145443000",
+ "frame.time_delta_displayed": "251.973460000",
+ "frame.time_relative": "25812.291136000",
+ "frame.number": "24953",
+ "frame.len": "83",
+ "frame.cap_len": "83",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "69",
+ "ip.id": "0x0000a209",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000016ad",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49770",
+ "udp.dstport": "53",
+ "udp.port": "49770",
+ "udp.port": "53",
+ "udp.length": "49",
+ "udp.checksum": "0x0000cac1",
+ "udp.checksum.status": "2",
+ "udp.stream": "293"
+ },
+ "dns": {
+ "dns.response_in": "24954",
+ "dns.id": "0x00000043",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "diagnostics.meethue.com: type A, class IN": {
+ "dns.qry.name": "diagnostics.meethue.com",
+ "dns.qry.name.len": "23",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:12:04.767719000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508483524.767719000",
+ "frame.time_delta": "0.071379000",
+ "frame.time_delta_displayed": "0.071379000",
+ "frame.time_relative": "25812.362515000",
+ "frame.number": "24954",
+ "frame.len": "297",
+ "frame.cap_len": "297",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "283",
+ "ip.id": "0x00008814",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002fcc",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49770",
+ "udp.port": "53",
+ "udp.port": "49770",
+ "udp.length": "263",
+ "udp.checksum": "0x0000830a",
+ "udp.checksum.status": "2",
+ "udp.stream": "293"
+ },
+ "dns": {
+ "dns.response_to": "24953",
+ "dns.time": "0.071379000",
+ "dns.id": "0x00000043",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "diagnostics.meethue.com: type A, class IN": {
+ "dns.qry.name": "diagnostics.meethue.com",
+ "dns.qry.name.len": "23",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": {
+ "dns.resp.name": "diagnostics.meethue.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "300",
+ "dns.resp.len": "4",
+ "dns.a": "130.211.67.12"
+ }
+ },
+ "Authoritative nameservers": {
+ "meethue.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "meethue.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1704",
+ "dns.resp.len": "18",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "meethue.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "meethue.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1704",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "meethue.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "meethue.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1704",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "131086",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "155804",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "155804",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "134705",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "127278",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "127278",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:22:52.727669000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484172.727669000",
+ "frame.time_delta": "3.871548000",
+ "frame.time_delta_displayed": "647.959950000",
+ "frame.time_relative": "26460.322465000",
+ "frame.number": "25506",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x000042c9",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000075f4",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "55301",
+ "udp.dstport": "53",
+ "udp.port": "55301",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000080f1",
+ "udp.checksum.status": "2",
+ "udp.stream": "295"
+ },
+ "dns": {
+ "dns.response_in": "25507",
+ "dns.id": "0x000004c1",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:22:52.765073000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484172.765073000",
+ "frame.time_delta": "0.037404000",
+ "frame.time_delta_displayed": "0.037404000",
+ "frame.time_relative": "26460.359869000",
+ "frame.number": "25507",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00000318",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b3f0",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "55301",
+ "udp.port": "53",
+ "udp.port": "55301",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "295"
+ },
+ "dns": {
+ "dns.response_to": "25506",
+ "dns.time": "0.037404000",
+ "dns.id": "0x000004c1",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "119",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "8817",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3390",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1709",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "417",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.215"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "920",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1112",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "12",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.202"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1761",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.70"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1569",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.246": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1623",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.246"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1390",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.301033000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.301033000",
+ "frame.time_delta": "0.159453000",
+ "frame.time_delta_displayed": "630.535960000",
+ "frame.time_relative": "27090.895829000",
+ "frame.number": "26095",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000aa78",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000e42",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "60609",
+ "udp.dstport": "53",
+ "udp.port": "60609",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000d3b9",
+ "udp.checksum.status": "2",
+ "udp.stream": "299"
+ },
+ "dns": {
+ "dns.response_in": "26096",
+ "dns.id": "0x000004c2",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.303089000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.303089000",
+ "frame.time_delta": "0.002056000",
+ "frame.time_delta_displayed": "0.002056000",
+ "frame.time_relative": "27090.897885000",
+ "frame.number": "26096",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x0000a9d2",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000eae",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "60609",
+ "udp.port": "53",
+ "udp.port": "60609",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "299"
+ },
+ "dns": {
+ "dns.response_to": "26095",
+ "dns.time": "0.002056000",
+ "dns.id": "0x000004c2",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3219",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.303940000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.303940000",
+ "frame.time_delta": "0.000851000",
+ "frame.time_delta_displayed": "0.000851000",
+ "frame.time_relative": "27090.898736000",
+ "frame.number": "26097",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000aa79",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000e41",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "45112",
+ "udp.dstport": "53",
+ "udp.port": "45112",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00002b42",
+ "udp.checksum.status": "2",
+ "udp.stream": "300"
+ },
+ "dns": {
+ "dns.response_in": "26098",
+ "dns.id": "0x000004c3",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.305709000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.305709000",
+ "frame.time_delta": "0.001769000",
+ "frame.time_delta_displayed": "0.001769000",
+ "frame.time_relative": "27090.900505000",
+ "frame.number": "26098",
+ "frame.len": "269",
+ "frame.cap_len": "269",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "255",
+ "ip.id": "0x0000a9d3",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000e29",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "45112",
+ "udp.port": "53",
+ "udp.port": "45112",
+ "udp.length": "235",
+ "udp.checksum": "0x000082ee",
+ "udp.checksum.status": "2",
+ "udp.stream": "300"
+ },
+ "dns": {
+ "dns.response_to": "26097",
+ "dns.time": "0.001769000",
+ "dns.id": "0x000004c3",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "5",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3219",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "689",
+ "dns.resp.len": "10",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "689",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "689",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "149973",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "149973",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "168228",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "39950",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "39950",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.726935000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.726935000",
+ "frame.time_delta": "0.001538000",
+ "frame.time_delta_displayed": "0.421226000",
+ "frame.time_relative": "27091.321731000",
+ "frame.number": "26114",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000aaa1",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000e19",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "47836",
+ "udp.dstport": "53",
+ "udp.port": "47836",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000059d",
+ "udp.checksum.status": "2",
+ "udp.stream": "301"
+ },
+ "dns": {
+ "dns.response_in": "26115",
+ "dns.id": "0x000004c4",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.727513000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.727513000",
+ "frame.time_delta": "0.000578000",
+ "frame.time_delta_displayed": "0.000578000",
+ "frame.time_relative": "27091.322309000",
+ "frame.number": "26115",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000a9f1",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000ec9",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "47836",
+ "udp.port": "53",
+ "udp.port": "47836",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "301"
+ },
+ "dns": {
+ "dns.response_to": "26114",
+ "dns.time": "0.000578000",
+ "dns.id": "0x000004c4",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.728355000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.728355000",
+ "frame.time_delta": "0.000842000",
+ "frame.time_delta_displayed": "0.000842000",
+ "frame.time_relative": "27091.323151000",
+ "frame.number": "26116",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000aaa2",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000e18",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "59436",
+ "udp.dstport": "53",
+ "udp.port": "59436",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f34b",
+ "udp.checksum.status": "2",
+ "udp.stream": "302"
+ },
+ "dns": {
+ "dns.response_in": "26117",
+ "dns.id": "0x000004c5",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:33:23.728777000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508484803.728777000",
+ "frame.time_delta": "0.000422000",
+ "frame.time_delta_displayed": "0.000422000",
+ "frame.time_relative": "27091.323573000",
+ "frame.number": "26117",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x0000a9f2",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000eb8",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "59436",
+ "udp.port": "53",
+ "udp.port": "59436",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "302"
+ },
+ "dns": {
+ "dns.response_to": "26116",
+ "dns.time": "0.000422000",
+ "dns.id": "0x000004c5",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3219",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:37:52.772955000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508485072.772955000",
+ "frame.time_delta": "1.222355000",
+ "frame.time_delta_displayed": "269.044178000",
+ "frame.time_relative": "27360.367751000",
+ "frame.number": "26369",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000ce92",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000ea2a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "45574",
+ "udp.dstport": "53",
+ "udp.port": "45574",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a6eb",
+ "udp.checksum.status": "2",
+ "udp.stream": "304"
+ },
+ "dns": {
+ "dns.response_in": "26370",
+ "dns.id": "0x000004c6",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:37:52.788820000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508485072.788820000",
+ "frame.time_delta": "0.015865000",
+ "frame.time_delta_displayed": "0.015865000",
+ "frame.time_relative": "27360.383616000",
+ "frame.number": "26370",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000cb7f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000eb88",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "45574",
+ "udp.port": "53",
+ "udp.port": "45574",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "304"
+ },
+ "dns": {
+ "dns.response_to": "26369",
+ "dns.time": "0.015865000",
+ "dns.id": "0x000004c6",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "9558",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2574",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3102",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3642",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6416",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.176": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2481",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.176"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2888",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3443",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3024",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1128",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4574",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:52:52.797929000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508485972.797929000",
+ "frame.time_delta": "1.729711000",
+ "frame.time_delta_displayed": "900.009109000",
+ "frame.time_relative": "28260.392725000",
+ "frame.number": "27288",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000fdad",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bb0f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "57726",
+ "udp.dstport": "53",
+ "udp.port": "57726",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00007772",
+ "udp.checksum.status": "2",
+ "udp.stream": "311"
+ },
+ "dns": {
+ "dns.response_in": "27289",
+ "dns.id": "0x000004c7",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 00:52:52.808637000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508485972.808637000",
+ "frame.time_delta": "0.010708000",
+ "frame.time_delta_displayed": "0.010708000",
+ "frame.time_relative": "28260.403433000",
+ "frame.number": "27289",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000efa6",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c761",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "57726",
+ "udp.port": "53",
+ "udp.port": "57726",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "311"
+ },
+ "dns": {
+ "dns.response_to": "27288",
+ "dns.time": "0.010708000",
+ "dns.id": "0x000004c7",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "8658",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1674",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2202",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2742",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5516",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.176": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1581",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.176"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1988",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2543",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2124",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "228",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3674",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:07:52.814329000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508486872.814329000",
+ "frame.time_delta": "5.472047000",
+ "frame.time_delta_displayed": "900.005692000",
+ "frame.time_relative": "29160.409125000",
+ "frame.number": "28061",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000614d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005770",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "39493",
+ "udp.dstport": "53",
+ "udp.port": "39493",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000beaa",
+ "udp.checksum.status": "2",
+ "udp.stream": "315"
+ },
+ "dns": {
+ "dns.response_in": "28062",
+ "dns.id": "0x000004c8",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:07:52.835978000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508486872.835978000",
+ "frame.time_delta": "0.021649000",
+ "frame.time_delta_displayed": "0.021649000",
+ "frame.time_relative": "29160.430774000",
+ "frame.number": "28062",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00000e9b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000a86d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "39493",
+ "udp.port": "53",
+ "udp.port": "39493",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "315"
+ },
+ "dns": {
+ "dns.response_to": "28061",
+ "dns.time": "0.021649000",
+ "dns.id": "0x000004c8",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "119",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6117",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "690",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3011",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5718",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.155": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6226",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.155"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.207": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2421",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.207"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.174": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3318",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.174"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7067",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.215"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 23.67.56.213": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2874",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.213"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.155": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4925",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.155"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4702",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:22:52.843589000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508487772.843589000",
+ "frame.time_delta": "0.601966000",
+ "frame.time_delta_displayed": "900.007611000",
+ "frame.time_relative": "30060.438385000",
+ "frame.number": "28868",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00008683",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000323a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "60232",
+ "udp.dstport": "53",
+ "udp.port": "60232",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00006da6",
+ "udp.checksum.status": "2",
+ "udp.stream": "322"
+ },
+ "dns": {
+ "dns.response_in": "28869",
+ "dns.id": "0x000004c9",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:22:52.850618000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508487772.850618000",
+ "frame.time_delta": "0.007029000",
+ "frame.time_delta_displayed": "0.007029000",
+ "frame.time_relative": "30060.445414000",
+ "frame.number": "28869",
+ "frame.len": "467",
+ "frame.cap_len": "467",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "453",
+ "ip.id": "0x000032d6",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008460",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "60232",
+ "udp.port": "53",
+ "udp.port": "60232",
+ "udp.length": "433",
+ "udp.checksum": "0x000083b4",
+ "udp.checksum.status": "2",
+ "udp.stream": "322"
+ },
+ "dns": {
+ "dns.response_to": "28868",
+ "dns.time": "0.007029000",
+ "dns.id": "0x000004c9",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "8",
+ "dns.count.add_rr": "8",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6858",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "874",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "402",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "942",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3716",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3782",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.213"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "188",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "743",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "324",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4429",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.243"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:21.755985000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488401.755985000",
+ "frame.time_delta": "1.940613000",
+ "frame.time_delta_displayed": "628.905367000",
+ "frame.time_relative": "30689.350781000",
+ "frame.number": "29396",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009aad",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001e0d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "43519",
+ "udp.dstport": "53",
+ "udp.port": "43519",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00001674",
+ "udp.checksum.status": "2",
+ "udp.stream": "327"
+ },
+ "dns": {
+ "dns.response_in": "29397",
+ "dns.id": "0x000004ca",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:21.757930000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488401.757930000",
+ "frame.time_delta": "0.001945000",
+ "frame.time_delta_displayed": "0.001945000",
+ "frame.time_relative": "30689.352726000",
+ "frame.number": "29397",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x0000a15f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001721",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "43519",
+ "udp.port": "53",
+ "udp.port": "43519",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "327"
+ },
+ "dns": {
+ "dns.response_to": "29396",
+ "dns.time": "0.001945000",
+ "dns.id": "0x000004ca",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3221",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:21.758751000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488401.758751000",
+ "frame.time_delta": "0.000821000",
+ "frame.time_delta_displayed": "0.000821000",
+ "frame.time_relative": "30689.353547000",
+ "frame.number": "29398",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009aae",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001e0c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "34772",
+ "udp.dstport": "53",
+ "udp.port": "34772",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000539e",
+ "udp.checksum.status": "2",
+ "udp.stream": "328"
+ },
+ "dns": {
+ "dns.response_in": "29399",
+ "dns.id": "0x000004cb",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:21.760366000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488401.760366000",
+ "frame.time_delta": "0.001615000",
+ "frame.time_delta_displayed": "0.001615000",
+ "frame.time_relative": "30689.355162000",
+ "frame.number": "29399",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x0000a160",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000168c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "34772",
+ "udp.port": "53",
+ "udp.port": "34772",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "328"
+ },
+ "dns": {
+ "dns.response_to": "29398",
+ "dns.time": "0.001615000",
+ "dns.id": "0x000004cb",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3221",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1322",
+ "dns.resp.len": "10",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1322",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1322",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "442",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "146375",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "146375",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "164630",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "36352",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "36352",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:22.179535000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488402.179535000",
+ "frame.time_delta": "0.001270000",
+ "frame.time_delta_displayed": "0.419169000",
+ "frame.time_relative": "30689.774331000",
+ "frame.number": "29415",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009ac2",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001df8",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "32927",
+ "udp.dstport": "53",
+ "udp.port": "32927",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00003fd2",
+ "udp.checksum.status": "2",
+ "udp.stream": "329"
+ },
+ "dns": {
+ "dns.response_in": "29416",
+ "dns.id": "0x000004cc",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:22.180074000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488402.180074000",
+ "frame.time_delta": "0.000539000",
+ "frame.time_delta_displayed": "0.000539000",
+ "frame.time_relative": "30689.774870000",
+ "frame.number": "29416",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000a17c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000173e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "32927",
+ "udp.port": "53",
+ "udp.port": "32927",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "329"
+ },
+ "dns": {
+ "dns.response_to": "29415",
+ "dns.time": "0.000539000",
+ "dns.id": "0x000004cc",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:22.181272000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488402.181272000",
+ "frame.time_delta": "0.001198000",
+ "frame.time_delta_displayed": "0.001198000",
+ "frame.time_relative": "30689.776068000",
+ "frame.number": "29417",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009ac3",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001df7",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "50502",
+ "udp.dstport": "53",
+ "udp.port": "50502",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000162a",
+ "udp.checksum.status": "2",
+ "udp.stream": "330"
+ },
+ "dns": {
+ "dns.response_in": "29418",
+ "dns.id": "0x000004cd",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:33:22.181706000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488402.181706000",
+ "frame.time_delta": "0.000434000",
+ "frame.time_delta_displayed": "0.000434000",
+ "frame.time_relative": "30689.776502000",
+ "frame.number": "29418",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x0000a17d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000172d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "50502",
+ "udp.port": "53",
+ "udp.port": "50502",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "330"
+ },
+ "dns": {
+ "dns.response_to": "29417",
+ "dns.time": "0.000434000",
+ "dns.id": "0x000004cd",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:37:52.855829000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488672.855829000",
+ "frame.time_delta": "3.621068000",
+ "frame.time_delta_displayed": "270.674123000",
+ "frame.time_relative": "30960.450625000",
+ "frame.number": "29698",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000af13",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000009aa",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "51191",
+ "udp.dstport": "53",
+ "udp.port": "51191",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000090f2",
+ "udp.checksum.status": "2",
+ "udp.stream": "331"
+ },
+ "dns": {
+ "dns.response_in": "29699",
+ "dns.id": "0x000004ce",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:37:52.862182000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508488672.862182000",
+ "frame.time_delta": "0.006353000",
+ "frame.time_delta_displayed": "0.006353000",
+ "frame.time_relative": "30960.456978000",
+ "frame.number": "29699",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000ff8b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b77c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "51191",
+ "udp.port": "53",
+ "udp.port": "51191",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "331"
+ },
+ "dns": {
+ "dns.response_to": "29698",
+ "dns.time": "0.006353000",
+ "dns.id": "0x000004ce",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5958",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3974",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3503",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "42",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2816",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2882",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.213"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5291",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7844",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3426",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3529",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.243"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "974",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:52:52.869701000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508489572.869701000",
+ "frame.time_delta": "1.064777000",
+ "frame.time_delta_displayed": "900.007519000",
+ "frame.time_relative": "31860.464497000",
+ "frame.number": "30491",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000c558",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f364",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "43504",
+ "udp.dstport": "53",
+ "udp.port": "43504",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000aef8",
+ "udp.checksum.status": "2",
+ "udp.stream": "337"
+ },
+ "dns": {
+ "dns.response_in": "30492",
+ "dns.id": "0x000004cf",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 01:52:52.875803000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508489572.875803000",
+ "frame.time_delta": "0.006102000",
+ "frame.time_delta_displayed": "0.006102000",
+ "frame.time_relative": "31860.470599000",
+ "frame.number": "30492",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004e2b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000068dd",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "43504",
+ "udp.port": "53",
+ "udp.port": "43504",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "337"
+ },
+ "dns": {
+ "dns.response_to": "30491",
+ "dns.time": "0.006102000",
+ "dns.id": "0x000004cf",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5058",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3074",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2603",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7144",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1916",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1982",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.213"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4391",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6944",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2526",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2629",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.243"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "74",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:07:52.881831000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508490472.881831000",
+ "frame.time_delta": "1.602333000",
+ "frame.time_delta_displayed": "900.006028000",
+ "frame.time_relative": "32760.476627000",
+ "frame.number": "31269",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000ce88",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000ea34",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "38554",
+ "udp.dstport": "53",
+ "udp.port": "38554",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000c24d",
+ "udp.checksum.status": "2",
+ "udp.stream": "343"
+ },
+ "dns": {
+ "dns.response_in": "31270",
+ "dns.id": "0x000004d0",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:07:52.891762000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508490472.891762000",
+ "frame.time_delta": "0.009931000",
+ "frame.time_delta_displayed": "0.009931000",
+ "frame.time_relative": "32760.486558000",
+ "frame.number": "31270",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00000e5c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000a8ac",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "38554",
+ "udp.port": "53",
+ "udp.port": "38554",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "343"
+ },
+ "dns": {
+ "dns.response_to": "31269",
+ "dns.time": "0.009931000",
+ "dns.id": "0x000004d0",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4158",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2174",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1703",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6244",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1016",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.16.94"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1082",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.213"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3491",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6044",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1626",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.177"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1729",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.134.243"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5177",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:22:52.901114000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508491372.901114000",
+ "frame.time_delta": "1.849865000",
+ "frame.time_delta_displayed": "900.009352000",
+ "frame.time_relative": "33660.495910000",
+ "frame.number": "32056",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00004594",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007329",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33202",
+ "udp.dstport": "53",
+ "udp.port": "33202",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d734",
+ "udp.checksum.status": "2",
+ "udp.stream": "348"
+ },
+ "dns": {
+ "dns.response_in": "32057",
+ "dns.id": "0x000004d1",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:22:52.972380000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508491372.972380000",
+ "frame.time_delta": "0.071266000",
+ "frame.time_delta_displayed": "0.071266000",
+ "frame.time_relative": "33660.567176000",
+ "frame.number": "32057",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00002997",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008d71",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33202",
+ "udp.port": "53",
+ "udp.port": "33202",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "348"
+ },
+ "dns": {
+ "dns.response_to": "32056",
+ "dns.time": "0.071266000",
+ "dns.id": "0x000004d1",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "120",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1617",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1191",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2514",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1218",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.155": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1726",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.155"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.155": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1922",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.155"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.151": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4820",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.151"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 23.67.56.215": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2567",
+ "dns.resp.len": "4",
+ "dns.a": "23.67.56.215"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.151": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2380",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.151"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.155": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "425",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.155"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "202",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.349285000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.349285000",
+ "frame.time_delta": "0.837648000",
+ "frame.time_delta_displayed": "629.376905000",
+ "frame.time_relative": "34289.944081000",
+ "frame.number": "32626",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000f99e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bf1b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "52881",
+ "udp.dstport": "53",
+ "udp.port": "52881",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f1d9",
+ "udp.checksum.status": "2",
+ "udp.stream": "352"
+ },
+ "dns": {
+ "dns.response_in": "32627",
+ "dns.id": "0x000004d2",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.351230000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.351230000",
+ "frame.time_delta": "0.001945000",
+ "frame.time_delta_displayed": "0.001945000",
+ "frame.time_relative": "34289.946026000",
+ "frame.number": "32627",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x0000ba2d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000fe52",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "52881",
+ "udp.port": "53",
+ "udp.port": "52881",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "352"
+ },
+ "dns": {
+ "dns.response_to": "32626",
+ "dns.time": "0.001945000",
+ "dns.id": "0x000004d2",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.352051000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.352051000",
+ "frame.time_delta": "0.000821000",
+ "frame.time_delta_displayed": "0.000821000",
+ "frame.time_relative": "34289.946847000",
+ "frame.number": "32628",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000f99f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bf1a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "43337",
+ "udp.dstport": "53",
+ "udp.port": "43337",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00003221",
+ "udp.checksum.status": "2",
+ "udp.stream": "353"
+ },
+ "dns": {
+ "dns.response_in": "32629",
+ "dns.id": "0x000004d3",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.392543000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.392543000",
+ "frame.time_delta": "0.040492000",
+ "frame.time_delta_displayed": "0.040492000",
+ "frame.time_relative": "34289.987339000",
+ "frame.number": "32629",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x0000ba30",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000fdbb",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "43337",
+ "udp.port": "53",
+ "udp.port": "43337",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "353"
+ },
+ "dns": {
+ "dns.response_to": "32628",
+ "dns.time": "0.040492000",
+ "dns.id": "0x000004d3",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1411",
+ "dns.resp.len": "10",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1411",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1411",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "171851",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142774",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "142774",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "161029",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "32751",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "32751",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.810223000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.810223000",
+ "frame.time_delta": "0.001028000",
+ "frame.time_delta_displayed": "0.417680000",
+ "frame.time_relative": "34290.405019000",
+ "frame.number": "32645",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000f9af",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bf0a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "54367",
+ "udp.dstport": "53",
+ "udp.port": "54367",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000ec09",
+ "udp.checksum.status": "2",
+ "udp.stream": "354"
+ },
+ "dns": {
+ "dns.response_in": "32646",
+ "dns.id": "0x000004d4",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.810817000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.810817000",
+ "frame.time_delta": "0.000594000",
+ "frame.time_delta_displayed": "0.000594000",
+ "frame.time_relative": "34290.405613000",
+ "frame.number": "32646",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000ba35",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000fe84",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "54367",
+ "udp.port": "53",
+ "udp.port": "54367",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "354"
+ },
+ "dns": {
+ "dns.response_to": "32645",
+ "dns.time": "0.000594000",
+ "dns.id": "0x000004d4",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.811626000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.811626000",
+ "frame.time_delta": "0.000809000",
+ "frame.time_delta_displayed": "0.000809000",
+ "frame.time_relative": "34290.406422000",
+ "frame.number": "32647",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000f9b0",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bf09",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "39432",
+ "udp.dstport": "53",
+ "udp.port": "39432",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00004160",
+ "udp.checksum.status": "2",
+ "udp.stream": "355"
+ },
+ "dns": {
+ "dns.response_in": "32648",
+ "dns.id": "0x000004d5",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:33:22.812191000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492002.812191000",
+ "frame.time_delta": "0.000565000",
+ "frame.time_delta_displayed": "0.000565000",
+ "frame.time_relative": "34290.406987000",
+ "frame.number": "32648",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x0000ba36",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000fe73",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "39432",
+ "udp.port": "53",
+ "udp.port": "39432",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "355"
+ },
+ "dns": {
+ "dns.response_to": "32647",
+ "dns.time": "0.000565000",
+ "dns.id": "0x000004d5",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3220",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:37:53.011030000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492273.011030000",
+ "frame.time_delta": "0.622307000",
+ "frame.time_delta_displayed": "270.198839000",
+ "frame.time_relative": "34560.605826000",
+ "frame.number": "32884",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000400c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000078b1",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44772",
+ "udp.dstport": "53",
+ "udp.port": "44772",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a9fd",
+ "udp.checksum.status": "2",
+ "udp.stream": "356"
+ },
+ "dns": {
+ "dns.response_in": "32885",
+ "dns.id": "0x000004d6",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:37:53.016866000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508492273.016866000",
+ "frame.time_delta": "0.005836000",
+ "frame.time_delta_displayed": "0.005836000",
+ "frame.time_relative": "34560.611662000",
+ "frame.number": "32885",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000c41b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f2ec",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44772",
+ "udp.port": "53",
+ "udp.port": "44772",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "356"
+ },
+ "dns": {
+ "dns.response_to": "32884",
+ "dns.time": "0.005836000",
+ "dns.id": "0x000004d6",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2357",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "373",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3904",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4443",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7217",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3284",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.174"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1690",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4243",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3827",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5929",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3376",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:52:53.027071000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508493173.027071000",
+ "frame.time_delta": "3.719993000",
+ "frame.time_delta_displayed": "900.010205000",
+ "frame.time_relative": "35460.621867000",
+ "frame.number": "33758",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x000044d0",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000073ed",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "54661",
+ "udp.dstport": "53",
+ "udp.port": "54661",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000835b",
+ "udp.checksum.status": "2",
+ "udp.stream": "360"
+ },
+ "dns": {
+ "dns.response_in": "33759",
+ "dns.id": "0x000004d7",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 02:52:53.101742000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508493173.101742000",
+ "frame.time_delta": "0.074671000",
+ "frame.time_delta_displayed": "0.074671000",
+ "frame.time_relative": "35460.696538000",
+ "frame.number": "33759",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000f93b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bdcc",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "54661",
+ "udp.port": "53",
+ "udp.port": "54661",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "360"
+ },
+ "dns": {
+ "dns.response_to": "33758",
+ "dns.time": "0.074671000",
+ "dns.id": "0x000004d7",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "300",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1457",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3473",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3004",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3543",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6317",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2384",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.174"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "790",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3343",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2927",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5029",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2476",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:07:53.107570000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508494073.107570000",
+ "frame.time_delta": "7.786097000",
+ "frame.time_delta_displayed": "900.005828000",
+ "frame.time_relative": "36360.702366000",
+ "frame.number": "34517",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000f210",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c6ac",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49914",
+ "udp.dstport": "53",
+ "udp.port": "49914",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000095e5",
+ "udp.checksum.status": "2",
+ "udp.stream": "368"
+ },
+ "dns": {
+ "dns.response_in": "34518",
+ "dns.id": "0x000004d8",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:07:53.114086000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508494073.114086000",
+ "frame.time_delta": "0.006516000",
+ "frame.time_delta_displayed": "0.006516000",
+ "frame.time_relative": "36360.708882000",
+ "frame.number": "34518",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000cccb",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000ea3c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49914",
+ "udp.port": "53",
+ "udp.port": "49914",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "368"
+ },
+ "dns": {
+ "dns.response_to": "34517",
+ "dns.time": "0.006516000",
+ "dns.id": "0x000004d8",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "557",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2573",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2104",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2643",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5417",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1484",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.174"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5891",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.225"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2443",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2027",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4129",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1576",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:22:53.123990000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508494973.123990000",
+ "frame.time_delta": "1.660357000",
+ "frame.time_delta_displayed": "900.009904000",
+ "frame.time_relative": "37260.718786000",
+ "frame.number": "35283",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x000001f8",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b6c5",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44922",
+ "udp.dstport": "53",
+ "udp.port": "44922",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a964",
+ "udp.checksum.status": "2",
+ "udp.stream": "372"
+ },
+ "dns": {
+ "dns.response_in": "35284",
+ "dns.id": "0x000004d9",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:22:53.134103000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508494973.134103000",
+ "frame.time_delta": "0.010113000",
+ "frame.time_delta_displayed": "0.010113000",
+ "frame.time_relative": "37260.728899000",
+ "frame.number": "35284",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x000006d5",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b033",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44922",
+ "udp.port": "53",
+ "udp.port": "44922",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "372"
+ },
+ "dns": {
+ "dns.response_to": "35283",
+ "dns.time": "0.010113000",
+ "dns.id": "0x000004d9",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "21444",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1673",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1204",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1743",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4517",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "584",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.174"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4991",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.225"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1543",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1127",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3229",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "676",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:22.916241000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495602.916241000",
+ "frame.time_delta": "3.559096000",
+ "frame.time_delta_displayed": "629.782138000",
+ "frame.time_relative": "37890.511037000",
+ "frame.number": "35811",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007ba1",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003d19",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49663",
+ "udp.dstport": "53",
+ "udp.port": "49663",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000fe63",
+ "udp.checksum.status": "2",
+ "udp.stream": "376"
+ },
+ "dns": {
+ "dns.response_in": "35812",
+ "dns.id": "0x000004da",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:22.918183000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495602.918183000",
+ "frame.time_delta": "0.001942000",
+ "frame.time_delta_displayed": "0.001942000",
+ "frame.time_relative": "37890.512979000",
+ "frame.number": "35812",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x0000d276",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000e609",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49663",
+ "udp.port": "53",
+ "udp.port": "49663",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "376"
+ },
+ "dns": {
+ "dns.response_to": "35811",
+ "dns.time": "0.001942000",
+ "dns.id": "0x000004da",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1787",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:22.920557000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495602.920557000",
+ "frame.time_delta": "0.002374000",
+ "frame.time_delta_displayed": "0.002374000",
+ "frame.time_relative": "37890.515353000",
+ "frame.number": "35813",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007ba2",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003d18",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33688",
+ "udp.dstport": "53",
+ "udp.port": "33688",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x000057ca",
+ "udp.checksum.status": "2",
+ "udp.stream": "377"
+ },
+ "dns": {
+ "dns.response_in": "35814",
+ "dns.id": "0x000004db",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:22.922284000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495602.922284000",
+ "frame.time_delta": "0.001727000",
+ "frame.time_delta_displayed": "0.001727000",
+ "frame.time_relative": "37890.517080000",
+ "frame.number": "35814",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x0000d277",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000e574",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33688",
+ "udp.port": "53",
+ "udp.port": "33688",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "377"
+ },
+ "dns": {
+ "dns.response_to": "35813",
+ "dns.time": "0.001727000",
+ "dns.id": "0x000004db",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2989",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1787",
+ "dns.resp.len": "10",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1787",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1787",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "119008",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143726",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143726",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "122627",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "115200",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "115200",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:23.341511000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495603.341511000",
+ "frame.time_delta": "0.001324000",
+ "frame.time_delta_displayed": "0.419227000",
+ "frame.time_relative": "37890.936307000",
+ "frame.number": "35830",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007bba",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003d00",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "36096",
+ "udp.dstport": "53",
+ "udp.port": "36096",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00003361",
+ "udp.checksum.status": "2",
+ "udp.stream": "378"
+ },
+ "dns": {
+ "dns.response_in": "35831",
+ "dns.id": "0x000004dc",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:23.341806000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495603.341806000",
+ "frame.time_delta": "0.000295000",
+ "frame.time_delta_displayed": "0.000295000",
+ "frame.time_relative": "37890.936602000",
+ "frame.number": "35831",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000d284",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000e635",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "36096",
+ "udp.port": "53",
+ "udp.port": "36096",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "378"
+ },
+ "dns": {
+ "dns.response_to": "35830",
+ "dns.time": "0.000295000",
+ "dns.id": "0x000004dc",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:23.342577000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495603.342577000",
+ "frame.time_delta": "0.000771000",
+ "frame.time_delta_displayed": "0.000771000",
+ "frame.time_relative": "37890.937373000",
+ "frame.number": "35832",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00007bbb",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00003cff",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49358",
+ "udp.dstport": "53",
+ "udp.port": "49358",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00001a92",
+ "udp.checksum.status": "2",
+ "udp.stream": "379"
+ },
+ "dns": {
+ "dns.response_in": "35833",
+ "dns.id": "0x000004dd",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:33:23.342908000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495603.342908000",
+ "frame.time_delta": "0.000331000",
+ "frame.time_delta_displayed": "0.000331000",
+ "frame.time_relative": "37890.937704000",
+ "frame.number": "35833",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x0000d285",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000e624",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49358",
+ "udp.port": "53",
+ "udp.port": "49358",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "379"
+ },
+ "dns": {
+ "dns.response_to": "35832",
+ "dns.time": "0.000331000",
+ "dns.id": "0x000004dd",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2988",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:37:53.142390000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495873.142390000",
+ "frame.time_delta": "3.770169000",
+ "frame.time_delta_displayed": "269.799482000",
+ "frame.time_relative": "38160.737186000",
+ "frame.number": "36053",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000d08e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000e82e",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "36775",
+ "udp.dstport": "53",
+ "udp.port": "36775",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000c932",
+ "udp.checksum.status": "2",
+ "udp.stream": "380"
+ },
+ "dns": {
+ "dns.response_in": "36054",
+ "dns.id": "0x000004de",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:37:53.148990000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508495873.148990000",
+ "frame.time_delta": "0.006600000",
+ "frame.time_delta_displayed": "0.006600000",
+ "frame.time_relative": "38160.743786000",
+ "frame.number": "36054",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000fff7",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b710",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "36775",
+ "udp.port": "53",
+ "udp.port": "36775",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "380"
+ },
+ "dns": {
+ "dns.response_to": "36053",
+ "dns.time": "0.006600000",
+ "dns.id": "0x000004de",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20544",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "773",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "304",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "843",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3617",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3691",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4091",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.225"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "643",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "227",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.154"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2329",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5779",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:52:53.157944000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508496773.157944000",
+ "frame.time_delta": "0.549528000",
+ "frame.time_delta_displayed": "900.008954000",
+ "frame.time_relative": "39060.752740000",
+ "frame.number": "36810",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000fe35",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000ba87",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "58619",
+ "udp.dstport": "53",
+ "udp.port": "58619",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000073dd",
+ "udp.checksum.status": "2",
+ "udp.stream": "384"
+ },
+ "dns": {
+ "dns.response_in": "36811",
+ "dns.id": "0x000004df",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 03:52:53.164664000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508496773.164664000",
+ "frame.time_delta": "0.006720000",
+ "frame.time_delta_displayed": "0.006720000",
+ "frame.time_relative": "39060.759460000",
+ "frame.number": "36811",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004af7",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006c11",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "58619",
+ "udp.port": "53",
+ "udp.port": "58619",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "384"
+ },
+ "dns": {
+ "dns.response_to": "36810",
+ "dns.time": "0.006720000",
+ "dns.id": "0x000004df",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "144",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "19644",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3873",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3407",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7948",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2717",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.175"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2791",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3191",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.225"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.218": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7745",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.218"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3330",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1429",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4879",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:07:53.171491000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508497673.171491000",
+ "frame.time_delta": "3.380707000",
+ "frame.time_delta_displayed": "900.006827000",
+ "frame.time_relative": "39960.766287000",
+ "frame.number": "37558",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00001426",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000a497",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "46109",
+ "udp.dstport": "53",
+ "udp.port": "46109",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a4ba",
+ "udp.checksum.status": "2",
+ "udp.stream": "388"
+ },
+ "dns": {
+ "dns.response_in": "37559",
+ "dns.id": "0x000004e0",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:07:53.178025000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508497673.178025000",
+ "frame.time_delta": "0.006534000",
+ "frame.time_delta_displayed": "0.006534000",
+ "frame.time_relative": "39960.772821000",
+ "frame.number": "37559",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000d1c0",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000e547",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "46109",
+ "udp.port": "53",
+ "udp.port": "46109",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "388"
+ },
+ "dns": {
+ "dns.response_to": "37558",
+ "dns.time": "0.006534000",
+ "dns.id": "0x000004e0",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "121",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "16919",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2890",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "220",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2919",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3429",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3625",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4526",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.217"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4270",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.223"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 209.18.46.221": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "83",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.221"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "127",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5928",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:22:53.188284000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508498573.188284000",
+ "frame.time_delta": "2.605383000",
+ "frame.time_delta_displayed": "900.010259000",
+ "frame.time_relative": "40860.783080000",
+ "frame.number": "38342",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00001f18",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000099a5",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "55484",
+ "udp.dstport": "53",
+ "udp.port": "55484",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000801a",
+ "udp.checksum.status": "2",
+ "udp.stream": "397"
+ },
+ "dns": {
+ "dns.response_in": "38343",
+ "dns.id": "0x000004e1",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:22:53.198461000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508498573.198461000",
+ "frame.time_delta": "0.010177000",
+ "frame.time_delta_displayed": "0.010177000",
+ "frame.time_relative": "40860.793257000",
+ "frame.number": "38343",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00000c8c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000aa7c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "55484",
+ "udp.port": "53",
+ "udp.port": "55484",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "397"
+ },
+ "dns": {
+ "dns.response_to": "38342",
+ "dns.time": "0.010177000",
+ "dns.id": "0x000004e1",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "121",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "16019",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1990",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3326",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2019",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2529",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2725",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3626",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.217"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3370",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.223"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3208",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.232"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5231",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5028",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:23.646883000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499203.646883000",
+ "frame.time_delta": "3.475755000",
+ "frame.time_delta_displayed": "630.448422000",
+ "frame.time_relative": "41491.241679000",
+ "frame.number": "38816",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000984f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000206b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49413",
+ "udp.dstport": "53",
+ "udp.port": "49413",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000ff55",
+ "udp.checksum.status": "2",
+ "udp.stream": "398"
+ },
+ "dns": {
+ "dns.response_in": "38817",
+ "dns.id": "0x000004e2",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:23.648923000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499203.648923000",
+ "frame.time_delta": "0.002040000",
+ "frame.time_delta_displayed": "0.002040000",
+ "frame.time_relative": "41491.243719000",
+ "frame.number": "38817",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x000050e3",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000679d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49413",
+ "udp.port": "53",
+ "udp.port": "49413",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "398"
+ },
+ "dns": {
+ "dns.response_to": "38816",
+ "dns.time": "0.002040000",
+ "dns.id": "0x000004e2",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:23.651769000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499203.651769000",
+ "frame.time_delta": "0.002846000",
+ "frame.time_delta_displayed": "0.002846000",
+ "frame.time_relative": "41491.246565000",
+ "frame.number": "38818",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009850",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000206a",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "36635",
+ "udp.dstport": "53",
+ "udp.port": "36635",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00004c3f",
+ "udp.checksum.status": "2",
+ "udp.stream": "399"
+ },
+ "dns": {
+ "dns.response_in": "38819",
+ "dns.id": "0x000004e3",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:23.653376000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499203.653376000",
+ "frame.time_delta": "0.001607000",
+ "frame.time_delta_displayed": "0.001607000",
+ "frame.time_relative": "41491.248172000",
+ "frame.number": "38819",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x000050e4",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00006708",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "36635",
+ "udp.port": "53",
+ "udp.port": "36635",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "399"
+ },
+ "dns": {
+ "dns.response_to": "38818",
+ "dns.time": "0.001607000",
+ "dns.id": "0x000004e3",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2989",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "10",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1786",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "115407",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "140125",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "140125",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "119026",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "111599",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "111599",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:24.064209000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499204.064209000",
+ "frame.time_delta": "0.000887000",
+ "frame.time_delta_displayed": "0.410833000",
+ "frame.time_relative": "41491.659005000",
+ "frame.number": "38835",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009876",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002044",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44523",
+ "udp.dstport": "53",
+ "udp.port": "44523",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000126e",
+ "udp.checksum.status": "2",
+ "udp.stream": "400"
+ },
+ "dns": {
+ "dns.response_in": "38836",
+ "dns.id": "0x000004e4",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:24.064806000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499204.064806000",
+ "frame.time_delta": "0.000597000",
+ "frame.time_delta_displayed": "0.000597000",
+ "frame.time_relative": "41491.659602000",
+ "frame.number": "38836",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00005106",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000067b4",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44523",
+ "udp.port": "53",
+ "udp.port": "44523",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "400"
+ },
+ "dns": {
+ "dns.response_to": "38835",
+ "dns.time": "0.000597000",
+ "dns.id": "0x000004e4",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:24.065754000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499204.065754000",
+ "frame.time_delta": "0.000948000",
+ "frame.time_delta_displayed": "0.000948000",
+ "frame.time_relative": "41491.660550000",
+ "frame.number": "38837",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009877",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002043",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44144",
+ "udp.dstport": "53",
+ "udp.port": "44144",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00002ee8",
+ "udp.checksum.status": "2",
+ "udp.stream": "401"
+ },
+ "dns": {
+ "dns.response_in": "38838",
+ "dns.id": "0x000004e5",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:33:24.066174000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499204.066174000",
+ "frame.time_delta": "0.000420000",
+ "frame.time_delta_displayed": "0.000420000",
+ "frame.time_relative": "41491.660970000",
+ "frame.number": "38838",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00005107",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000067a3",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44144",
+ "udp.port": "53",
+ "udp.port": "44144",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "401"
+ },
+ "dns": {
+ "dns.response_to": "38837",
+ "dns.time": "0.000420000",
+ "dns.id": "0x000004e5",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2988",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:37:53.206495000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499473.206495000",
+ "frame.time_delta": "0.549295000",
+ "frame.time_delta_displayed": "269.140321000",
+ "frame.time_relative": "41760.801291000",
+ "frame.number": "39097",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000dbe6",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000dcd6",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "45662",
+ "udp.dstport": "53",
+ "udp.port": "45662",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a673",
+ "udp.checksum.status": "2",
+ "udp.stream": "405"
+ },
+ "dns": {
+ "dns.response_in": "39098",
+ "dns.id": "0x000004e6",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:37:53.212525000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508499473.212525000",
+ "frame.time_delta": "0.006030000",
+ "frame.time_delta_displayed": "0.006030000",
+ "frame.time_relative": "41760.807321000",
+ "frame.number": "39098",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000808b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000367d",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "45662",
+ "udp.port": "53",
+ "udp.port": "45662",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "405"
+ },
+ "dns": {
+ "dns.response_to": "39097",
+ "dns.time": "0.006030000",
+ "dns.id": "0x000004e6",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "121",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "15119",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1090",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2426",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1119",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1629",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1825",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2726",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.217"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2470",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.223"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2308",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.232"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4331",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4128",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:52:53.219299000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508500373.219299000",
+ "frame.time_delta": "3.495831000",
+ "frame.time_delta_displayed": "900.006774000",
+ "frame.time_relative": "42660.814095000",
+ "frame.number": "39806",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00005dbd",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005b00",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "40448",
+ "udp.dstport": "53",
+ "udp.port": "40448",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000bad0",
+ "udp.checksum.status": "2",
+ "udp.stream": "409"
+ },
+ "dns": {
+ "dns.response_in": "39807",
+ "dns.id": "0x000004e7",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 04:52:53.225624000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508500373.225624000",
+ "frame.time_delta": "0.006325000",
+ "frame.time_delta_displayed": "0.006325000",
+ "frame.time_relative": "42660.820420000",
+ "frame.number": "39807",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000ac16",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000af2",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "40448",
+ "udp.port": "53",
+ "udp.port": "40448",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "409"
+ },
+ "dns": {
+ "dns.response_to": "39806",
+ "dns.time": "0.006325000",
+ "dns.id": "0x000004e7",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "122",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "14219",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "190",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1526",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "219",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.233"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "729",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "925",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1826",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.217"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1570",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.223"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1408",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.232"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3431",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3228",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:07:53.234776000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508501273.234776000",
+ "frame.time_delta": "0.078020000",
+ "frame.time_delta_displayed": "900.009152000",
+ "frame.time_relative": "43560.829572000",
+ "frame.number": "40624",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00006faa",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004913",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "56663",
+ "udp.dstport": "53",
+ "udp.port": "56663",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00007b78",
+ "udp.checksum.status": "2",
+ "udp.stream": "410"
+ },
+ "dns": {
+ "dns.response_in": "40625",
+ "dns.id": "0x000004e8",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:07:53.240805000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508501273.240805000",
+ "frame.time_delta": "0.006029000",
+ "frame.time_delta_displayed": "0.006029000",
+ "frame.time_relative": "43560.835601000",
+ "frame.number": "40625",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000456f",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007199",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "56663",
+ "udp.port": "53",
+ "udp.port": "56663",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "410"
+ },
+ "dns": {
+ "dns.response_to": "40624",
+ "dns.time": "0.006029000",
+ "dns.id": "0x000004e8",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "122",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "13319",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3298",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "626",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7320",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7830",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "25",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.108"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "926",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.217"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "670",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.223"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "508",
+ "dns.resp.len": "4",
+ "dns.a": "173.197.192.232"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2531",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2328",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:22:53.251101000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502173.251101000",
+ "frame.time_delta": "2.791011000",
+ "frame.time_delta_displayed": "900.010296000",
+ "frame.time_relative": "44460.845897000",
+ "frame.number": "41391",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000c79b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000f121",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "47619",
+ "udp.dstport": "53",
+ "udp.port": "47619",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00009ecb",
+ "udp.checksum.status": "2",
+ "udp.stream": "417"
+ },
+ "dns": {
+ "dns.response_in": "41392",
+ "dns.id": "0x000004e9",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:22:53.257780000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502173.257780000",
+ "frame.time_delta": "0.006679000",
+ "frame.time_delta_displayed": "0.006679000",
+ "frame.time_relative": "44460.852576000",
+ "frame.number": "41392",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00002ab8",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008c50",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "47619",
+ "udp.port": "53",
+ "udp.port": "47619",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "417"
+ },
+ "dns": {
+ "dns.response_to": "41391",
+ "dns.time": "0.006679000",
+ "dns.id": "0x000004e9",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "122",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "12419",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2398",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3749",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6420",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6930",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.133": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3133",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.133"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "26",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.217"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7774",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3612",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1631",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1428",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.354168000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.354168000",
+ "frame.time_delta": "7.493030000",
+ "frame.time_delta_displayed": "629.096388000",
+ "frame.time_relative": "45089.948964000",
+ "frame.number": "41927",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00004173",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007747",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "36484",
+ "udp.dstport": "53",
+ "udp.port": "36484",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x000031cf",
+ "udp.checksum.status": "2",
+ "udp.stream": "422"
+ },
+ "dns": {
+ "dns.response_in": "41928",
+ "dns.id": "0x000004ea",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.356157000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.356157000",
+ "frame.time_delta": "0.001989000",
+ "frame.time_delta_displayed": "0.001989000",
+ "frame.time_relative": "45089.950953000",
+ "frame.number": "41928",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00009f4a",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001936",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "36484",
+ "udp.port": "53",
+ "udp.port": "36484",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "422"
+ },
+ "dns": {
+ "dns.response_to": "41927",
+ "dns.time": "0.001989000",
+ "dns.id": "0x000004ea",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.357016000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.357016000",
+ "frame.time_delta": "0.000859000",
+ "frame.time_delta_displayed": "0.000859000",
+ "frame.time_relative": "45089.951812000",
+ "frame.number": "41929",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00004174",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007746",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "37527",
+ "udp.dstport": "53",
+ "udp.port": "37527",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x000048bb",
+ "udp.checksum.status": "2",
+ "udp.stream": "423"
+ },
+ "dns": {
+ "dns.response_in": "41930",
+ "dns.id": "0x000004eb",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.358502000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.358502000",
+ "frame.time_delta": "0.001486000",
+ "frame.time_delta_displayed": "0.001486000",
+ "frame.time_relative": "45089.953298000",
+ "frame.number": "41930",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x00009f4b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000018a1",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "37527",
+ "udp.port": "53",
+ "udp.port": "37527",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "423"
+ },
+ "dns": {
+ "dns.response_to": "41929",
+ "dns.time": "0.001486000",
+ "dns.id": "0x000004eb",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "10",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "161051",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "131974",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "131974",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "150229",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "21951",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "21951",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.769938000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.769938000",
+ "frame.time_delta": "0.000959000",
+ "frame.time_delta_displayed": "0.411436000",
+ "frame.time_relative": "45090.364734000",
+ "frame.number": "41946",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000418a",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00007730",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "35698",
+ "udp.dstport": "53",
+ "udp.port": "35698",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x000034df",
+ "udp.checksum.status": "2",
+ "udp.stream": "424"
+ },
+ "dns": {
+ "dns.response_in": "41947",
+ "dns.id": "0x000004ec",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.770497000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.770497000",
+ "frame.time_delta": "0.000559000",
+ "frame.time_delta_displayed": "0.000559000",
+ "frame.time_relative": "45090.365293000",
+ "frame.number": "41947",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00009f51",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001969",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "35698",
+ "udp.port": "53",
+ "udp.port": "35698",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "424"
+ },
+ "dns": {
+ "dns.response_to": "41946",
+ "dns.time": "0.000559000",
+ "dns.id": "0x000004ec",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.771306000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.771306000",
+ "frame.time_delta": "0.000809000",
+ "frame.time_delta_displayed": "0.000809000",
+ "frame.time_relative": "45090.366102000",
+ "frame.number": "41948",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000418b",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000772f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "59480",
+ "udp.dstport": "53",
+ "udp.port": "59480",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000f2f7",
+ "udp.checksum.status": "2",
+ "udp.stream": "425"
+ },
+ "dns": {
+ "dns.response_in": "41949",
+ "dns.id": "0x000004ed",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:33:22.771826000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508502802.771826000",
+ "frame.time_delta": "0.000520000",
+ "frame.time_delta_displayed": "0.000520000",
+ "frame.time_relative": "45090.366622000",
+ "frame.number": "41949",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00009f52",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00001958",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "59480",
+ "udp.port": "53",
+ "udp.port": "59480",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "425"
+ },
+ "dns": {
+ "dns.response_to": "41948",
+ "dns.time": "0.000520000",
+ "dns.id": "0x000004ed",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:37:53.266045000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508503073.266045000",
+ "frame.time_delta": "2.473971000",
+ "frame.time_delta_displayed": "270.494219000",
+ "frame.time_relative": "45360.860841000",
+ "frame.number": "42165",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00006f25",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00004998",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "45073",
+ "udp.dstport": "53",
+ "udp.port": "45073",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000a8b8",
+ "udp.checksum.status": "2",
+ "udp.stream": "426"
+ },
+ "dns": {
+ "dns.response_in": "42166",
+ "dns.id": "0x000004ee",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:37:53.344536000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508503073.344536000",
+ "frame.time_delta": "0.078491000",
+ "frame.time_delta_displayed": "0.078491000",
+ "frame.time_relative": "45360.939332000",
+ "frame.number": "42166",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000a957",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000db1",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "45073",
+ "udp.port": "53",
+ "udp.port": "45073",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "426"
+ },
+ "dns": {
+ "dns.response_to": "42165",
+ "dns.time": "0.078491000",
+ "dns.id": "0x000004ee",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "300",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "13344",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1573",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1109",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1648",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4418",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 209.18.46.223": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "492",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.223"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2893",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.225"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.218": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1445",
+ "dns.resp.len": "4",
+ "dns.a": "209.18.46.218"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.133": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1033",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.133"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1131",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.173"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4587",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:52:53.349738000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508503973.349738000",
+ "frame.time_delta": "0.133221000",
+ "frame.time_delta_displayed": "900.005202000",
+ "frame.time_relative": "46260.944534000",
+ "frame.number": "42899",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00003ed9",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000079e4",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "37008",
+ "udp.dstport": "53",
+ "udp.port": "37008",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000c838",
+ "udp.checksum.status": "2",
+ "udp.stream": "430"
+ },
+ "dns": {
+ "dns.response_in": "42900",
+ "dns.id": "0x000004ef",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 05:52:53.356337000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508503973.356337000",
+ "frame.time_delta": "0.006599000",
+ "frame.time_delta_displayed": "0.006599000",
+ "frame.time_relative": "46260.951133000",
+ "frame.number": "42900",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000f284",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c483",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "37008",
+ "udp.port": "53",
+ "udp.port": "37008",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "430"
+ },
+ "dns": {
+ "dns.response_to": "42899",
+ "dns.time": "0.006599000",
+ "dns.id": "0x000004ef",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "123",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "10619",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "598",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1949",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4620",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5130",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.133": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1333",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.133"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4233",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.157"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5974",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1812",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5834",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.157.167"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5629",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:07:53.361739000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508504873.361739000",
+ "frame.time_delta": "3.522645000",
+ "frame.time_delta_displayed": "900.005402000",
+ "frame.time_relative": "47160.956535000",
+ "frame.number": "43627",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00002003",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000098ba",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "32771",
+ "udp.dstport": "53",
+ "udp.port": "32771",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d8c4",
+ "udp.checksum.status": "2",
+ "udp.stream": "434"
+ },
+ "dns": {
+ "dns.response_in": "43628",
+ "dns.id": "0x000004f0",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:07:53.369270000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508504873.369270000",
+ "frame.time_delta": "0.007531000",
+ "frame.time_delta_displayed": "0.007531000",
+ "frame.time_relative": "47160.964066000",
+ "frame.number": "43628",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000dd37",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000d9d0",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "32771",
+ "udp.port": "53",
+ "udp.port": "32771",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "434"
+ },
+ "dns": {
+ "dns.response_to": "43627",
+ "dns.time": "0.007531000",
+ "dns.id": "0x000004f0",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "126",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "9719",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3700",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1049",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3720",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4230",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.133": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "433",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.133"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3333",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.157"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5074",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "912",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4934",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.157.167"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4729",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:22:53.379501000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508505773.379501000",
+ "frame.time_delta": "5.573394000",
+ "frame.time_delta_displayed": "900.010231000",
+ "frame.time_relative": "48060.974297000",
+ "frame.number": "44377",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000ea56",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000ce66",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "47638",
+ "udp.dstport": "53",
+ "udp.port": "47638",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00009eb0",
+ "udp.checksum.status": "2",
+ "udp.stream": "438"
+ },
+ "dns": {
+ "dns.response_in": "44378",
+ "dns.id": "0x000004f1",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:22:53.386242000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508505773.386242000",
+ "frame.time_delta": "0.006741000",
+ "frame.time_delta_displayed": "0.006741000",
+ "frame.time_relative": "48060.981038000",
+ "frame.number": "44378",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x000016a1",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000a067",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "47638",
+ "udp.port": "53",
+ "udp.port": "47638",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "438"
+ },
+ "dns": {
+ "dns.response_to": "44377",
+ "dns.time": "0.006741000",
+ "dns.id": "0x000004f1",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "126",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "8819",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.27"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "184.84.242.42"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2800",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "149",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2820",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3330",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3537",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.192"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2433",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.157"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4174",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "12",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.150"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4034",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.157.167"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3829",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:22.946788000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506402.946788000",
+ "frame.time_delta": "0.766058000",
+ "frame.time_delta_displayed": "629.560546000",
+ "frame.time_relative": "48690.541584000",
+ "frame.number": "44868",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bdc8",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000faf1",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "34522",
+ "udp.dstport": "53",
+ "udp.port": "34522",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00003971",
+ "udp.checksum.status": "2",
+ "udp.stream": "444"
+ },
+ "dns": {
+ "dns.response_in": "44869",
+ "dns.id": "0x000004f2",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:22.948908000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506402.948908000",
+ "frame.time_delta": "0.002120000",
+ "frame.time_delta_displayed": "0.002120000",
+ "frame.time_relative": "48690.543704000",
+ "frame.number": "44869",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x00005bc7",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005cb9",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "34522",
+ "udp.port": "53",
+ "udp.port": "34522",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "444"
+ },
+ "dns": {
+ "dns.response_to": "44868",
+ "dns.time": "0.002120000",
+ "dns.id": "0x000004f2",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:22.950083000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506402.950083000",
+ "frame.time_delta": "0.001175000",
+ "frame.time_delta_displayed": "0.001175000",
+ "frame.time_relative": "48690.544879000",
+ "frame.number": "44870",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bdc9",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000faf0",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "33646",
+ "udp.dstport": "53",
+ "udp.port": "33646",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x000057dc",
+ "udp.checksum.status": "2",
+ "udp.stream": "445"
+ },
+ "dns": {
+ "dns.response_in": "44871",
+ "dns.id": "0x000004f3",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:22.951622000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506402.951622000",
+ "frame.time_delta": "0.001539000",
+ "frame.time_delta_displayed": "0.001539000",
+ "frame.time_relative": "48690.546418000",
+ "frame.number": "44871",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x00005bc8",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005c24",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "33646",
+ "udp.port": "53",
+ "udp.port": "33646",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "445"
+ },
+ "dns": {
+ "dns.response_to": "44870",
+ "dns.time": "0.001539000",
+ "dns.id": "0x000004f3",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "413",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "10",
+ "dns.ns": "ns1.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2799",
+ "dns.resp.len": "6",
+ "dns.ns": "ns2.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "157451",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "128374",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "128374",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "146629",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "18351",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "18351",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:23.416488000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506403.416488000",
+ "frame.time_delta": "0.000964000",
+ "frame.time_delta_displayed": "0.464866000",
+ "frame.time_relative": "48691.011284000",
+ "frame.number": "44887",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bddb",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000fade",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "59813",
+ "udp.dstport": "53",
+ "udp.port": "59813",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000d6a3",
+ "udp.checksum.status": "2",
+ "udp.stream": "446"
+ },
+ "dns": {
+ "dns.response_in": "44888",
+ "dns.id": "0x000004f4",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:23.416961000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506403.416961000",
+ "frame.time_delta": "0.000473000",
+ "frame.time_delta_displayed": "0.000473000",
+ "frame.time_relative": "48691.011757000",
+ "frame.number": "44888",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x00005bce",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005cec",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "59813",
+ "udp.port": "53",
+ "udp.port": "59813",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "446"
+ },
+ "dns": {
+ "dns.response_to": "44887",
+ "dns.time": "0.000473000",
+ "dns.id": "0x000004f4",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:23.417890000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506403.417890000",
+ "frame.time_delta": "0.000929000",
+ "frame.time_delta_displayed": "0.000929000",
+ "frame.time_relative": "48691.012686000",
+ "frame.number": "44889",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000bddc",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000fadd",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "44681",
+ "udp.dstport": "53",
+ "udp.port": "44681",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00002cbf",
+ "udp.checksum.status": "2",
+ "udp.stream": "447"
+ },
+ "dns": {
+ "dns.response_in": "44890",
+ "dns.id": "0x000004f5",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:33:23.418452000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506403.418452000",
+ "frame.time_delta": "0.000562000",
+ "frame.time_delta_displayed": "0.000562000",
+ "frame.time_relative": "48691.013248000",
+ "frame.number": "44890",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x00005bcf",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00005cdb",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "44681",
+ "udp.port": "53",
+ "udp.port": "44681",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "447"
+ },
+ "dns": {
+ "dns.response_to": "44889",
+ "dns.time": "0.000562000",
+ "dns.id": "0x000004f5",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "412",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:37:53.397275000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506673.397275000",
+ "frame.time_delta": "0.977714000",
+ "frame.time_delta_displayed": "269.978823000",
+ "frame.time_relative": "48960.992071000",
+ "frame.number": "45164",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x0000f463",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000c459",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53189",
+ "udp.dstport": "53",
+ "udp.port": "53189",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x000088fc",
+ "udp.checksum.status": "2",
+ "udp.stream": "449"
+ },
+ "dns": {
+ "dns.response_in": "45165",
+ "dns.id": "0x000004f6",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:37:53.407078000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508506673.407078000",
+ "frame.time_delta": "0.009803000",
+ "frame.time_delta_displayed": "0.009803000",
+ "frame.time_relative": "48961.001874000",
+ "frame.number": "45165",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000adc8",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00000940",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "53189",
+ "udp.port": "53",
+ "udp.port": "53189",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "449"
+ },
+ "dns": {
+ "dns.response_to": "45164",
+ "dns.time": "0.009803000",
+ "dns.id": "0x000004f6",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "127",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7919",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1900",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3256",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1920",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2430",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2637",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.192"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1533",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.157"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3274",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3115",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3134",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.157.167"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2929",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:52:53.416716000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508507573.416716000",
+ "frame.time_delta": "1.378707000",
+ "frame.time_delta_displayed": "900.009638000",
+ "frame.time_relative": "49861.011512000",
+ "frame.number": "45902",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x000028c2",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00008ffb",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53544",
+ "udp.dstport": "53",
+ "udp.port": "53544",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00008798",
+ "udp.checksum.status": "2",
+ "udp.stream": "454"
+ },
+ "dns": {
+ "dns.response_in": "45903",
+ "dns.id": "0x000004f7",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 06:52:53.422982000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508507573.422982000",
+ "frame.time_delta": "0.006266000",
+ "frame.time_delta_displayed": "0.006266000",
+ "frame.time_relative": "49861.017778000",
+ "frame.number": "45903",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000f786",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bf81",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "53544",
+ "udp.port": "53",
+ "udp.port": "53544",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "454"
+ },
+ "dns": {
+ "dns.response_to": "45902",
+ "dns.time": "0.006266000",
+ "dns.id": "0x000004f7",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "127",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7019",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1000",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2356",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1020",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1530",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1737",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.192"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "633",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.157"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2374",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2215",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2234",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.157.167"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2029",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:07:53.431212000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508508473.431212000",
+ "frame.time_delta": "2.092085000",
+ "frame.time_delta_displayed": "900.008230000",
+ "frame.time_relative": "50761.026008000",
+ "frame.number": "46613",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00000dff",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000aabe",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "34206",
+ "udp.dstport": "53",
+ "udp.port": "34206",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000d321",
+ "udp.checksum.status": "2",
+ "udp.stream": "458"
+ },
+ "dns": {
+ "dns.response_in": "46614",
+ "dns.id": "0x000004f8",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:07:53.437633000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508508473.437633000",
+ "frame.time_delta": "0.006421000",
+ "frame.time_delta_displayed": "0.006421000",
+ "frame.time_relative": "50761.032429000",
+ "frame.number": "46614",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00004f64",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x000067a4",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "34206",
+ "udp.port": "53",
+ "udp.port": "34206",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "458"
+ },
+ "dns": {
+ "dns.response_to": "46613",
+ "dns.time": "0.006421000",
+ "dns.id": "0x000004f8",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "127",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6119",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "100",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1456",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "120",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "630",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "837",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.192"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.207": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5740",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.207"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1474",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1315",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1334",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.157.167"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "1129",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:22:53.445298000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508509373.445298000",
+ "frame.time_delta": "4.162550000",
+ "frame.time_delta_displayed": "900.007665000",
+ "frame.time_relative": "51661.040094000",
+ "frame.number": "47529",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00001618",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000a2a5",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "37517",
+ "udp.dstport": "53",
+ "udp.port": "37517",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x0000c631",
+ "udp.checksum.status": "2",
+ "udp.stream": "459"
+ },
+ "dns": {
+ "dns.response_in": "47530",
+ "dns.id": "0x000004f9",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:22:53.451560000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508509373.451560000",
+ "frame.time_delta": "0.006262000",
+ "frame.time_delta_displayed": "0.006262000",
+ "frame.time_relative": "51661.046356000",
+ "frame.number": "47530",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x0000879c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00002f6c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "37517",
+ "udp.port": "53",
+ "udp.port": "37517",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "459"
+ },
+ "dns": {
+ "dns.response_to": "47529",
+ "dns.time": "0.006262000",
+ "dns.id": "0x000004f9",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "127",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5219",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3203",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "556",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7221",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.146.244": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7733",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.146.244"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3938",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.207": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4840",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.207"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "574",
+ "dns.resp.len": "4",
+ "dns.a": "204.2.166.158"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "415",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.188"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "434",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.157.167"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "229",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.445057000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.445057000",
+ "frame.time_delta": "7.984590000",
+ "frame.time_delta_displayed": "629.993497000",
+ "frame.time_relative": "52291.039853000",
+ "frame.number": "48058",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000fb5d",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bd5c",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "54194",
+ "udp.dstport": "53",
+ "udp.port": "54194",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000ec90",
+ "udp.checksum.status": "2",
+ "udp.stream": "463"
+ },
+ "dns": {
+ "dns.response_in": "48059",
+ "dns.id": "0x000004fa",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.447069000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.447069000",
+ "frame.time_delta": "0.002012000",
+ "frame.time_delta_displayed": "0.002012000",
+ "frame.time_relative": "52291.041865000",
+ "frame.number": "48059",
+ "frame.len": "137",
+ "frame.cap_len": "137",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "123",
+ "ip.id": "0x000001dc",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b6a4",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "54194",
+ "udp.port": "53",
+ "udp.port": "54194",
+ "udp.length": "103",
+ "udp.checksum": "0x0000826a",
+ "udp.checksum.status": "2",
+ "udp.stream": "463"
+ },
+ "dns": {
+ "dns.response_to": "48058",
+ "dns.time": "0.002012000",
+ "dns.id": "0x000004fa",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "1",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "6",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "412",
+ "dns.resp.len": "46",
+ "dns.soa.mname": "ns1.ext.philips.com",
+ "dns.soa.rname": "ddi-authority.philips.com",
+ "dns.soa.serial_number": "387",
+ "dns.soa.refresh_interval": "1200",
+ "dns.soa.retry_interval": "300",
+ "dns.soa.expire_limit": "1209600",
+ "dns.soa.mininum_ttl": "3600"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.447897000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.447897000",
+ "frame.time_delta": "0.000828000",
+ "frame.time_delta_displayed": "0.000828000",
+ "frame.time_relative": "52291.042693000",
+ "frame.number": "48060",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000fb5e",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bd5b",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "35295",
+ "udp.dstport": "53",
+ "udp.port": "35295",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00005163",
+ "udp.checksum.status": "2",
+ "udp.stream": "464"
+ },
+ "dns": {
+ "dns.response_in": "48061",
+ "dns.id": "0x000004fb",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.449477000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.449477000",
+ "frame.time_delta": "0.001580000",
+ "frame.time_delta_displayed": "0.001580000",
+ "frame.time_relative": "52291.044273000",
+ "frame.number": "48061",
+ "frame.len": "285",
+ "frame.cap_len": "285",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "271",
+ "ip.id": "0x000001dd",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b60f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "35295",
+ "udp.port": "53",
+ "udp.port": "35295",
+ "udp.length": "251",
+ "udp.checksum": "0x000082fe",
+ "udp.checksum.status": "2",
+ "udp.stream": "464"
+ },
+ "dns": {
+ "dns.response_to": "48060",
+ "dns.time": "0.001580000",
+ "dns.id": "0x000004fb",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "3",
+ "dns.count.add_rr": "6",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "412",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ },
+ "Authoritative nameservers": {
+ "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2798",
+ "dns.resp.len": "10",
+ "dns.ns": "ns2.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2798",
+ "dns.resp.len": "6",
+ "dns.ns": "ns3.ext.philips.com"
+ },
+ "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": {
+ "dns.resp.name": "cpp.philips.com",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2798",
+ "dns.resp.len": "6",
+ "dns.ns": "ns1.ext.philips.com"
+ }
+ },
+ "Additional records": {
+ "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "153850",
+ "dns.resp.len": "4",
+ "dns.a": "57.67.40.20"
+ },
+ "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "124773",
+ "dns.resp.len": "4",
+ "dns.a": "57.77.21.76"
+ },
+ "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "124773",
+ "dns.resp.len": "4",
+ "dns.a": "57.73.36.68"
+ },
+ "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": {
+ "dns.resp.name": "ns1.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "143028",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce89:8001::57:67:40:20"
+ },
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": {
+ "dns.resp.name": "ns2.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "14750",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76"
+ },
+ "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": {
+ "dns.resp.name": "ns3.ext.philips.com",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "14750",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2a01:ce9d:1::57:73:36:68"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.865101000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.865101000",
+ "frame.time_delta": "0.001627000",
+ "frame.time_delta_displayed": "0.415624000",
+ "frame.time_relative": "52291.459897000",
+ "frame.number": "48078",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000fb69",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bd50",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "56468",
+ "udp.dstport": "53",
+ "udp.port": "56468",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x0000e3ac",
+ "udp.checksum.status": "2",
+ "udp.stream": "465"
+ },
+ "dns": {
+ "dns.response_in": "48079",
+ "dns.id": "0x000004fc",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.865672000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.865672000",
+ "frame.time_delta": "0.000571000",
+ "frame.time_delta_displayed": "0.000571000",
+ "frame.time_relative": "52291.460468000",
+ "frame.number": "48079",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x000001de",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b6dc",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "56468",
+ "udp.port": "53",
+ "udp.port": "56468",
+ "udp.length": "45",
+ "udp.checksum": "0x00008230",
+ "udp.checksum.status": "2",
+ "udp.stream": "465"
+ },
+ "dns": {
+ "dns.response_to": "48078",
+ "dns.time": "0.000571000",
+ "dns.id": "0x000004fc",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type AAAA, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "28",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.866499000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.866499000",
+ "frame.time_delta": "0.000827000",
+ "frame.time_delta_displayed": "0.000827000",
+ "frame.time_relative": "52291.461295000",
+ "frame.number": "48080",
+ "frame.len": "79",
+ "frame.cap_len": "79",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "65",
+ "ip.id": "0x0000fb6a",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000bd4f",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "42815",
+ "udp.dstport": "53",
+ "udp.port": "42815",
+ "udp.port": "53",
+ "udp.length": "45",
+ "udp.checksum": "0x00003401",
+ "udp.checksum.status": "2",
+ "udp.stream": "466"
+ },
+ "dns": {
+ "dns.response_in": "48081",
+ "dns.id": "0x000004fd",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:33:23.867228000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510003.867228000",
+ "frame.time_delta": "0.000729000",
+ "frame.time_delta_displayed": "0.000729000",
+ "frame.time_relative": "52291.462024000",
+ "frame.number": "48081",
+ "frame.len": "95",
+ "frame.cap_len": "95",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "81",
+ "ip.id": "0x000001df",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000b6cb",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "42815",
+ "udp.port": "53",
+ "udp.port": "42815",
+ "udp.length": "61",
+ "udp.checksum": "0x00008240",
+ "udp.checksum.status": "2",
+ "udp.stream": "466"
+ },
+ "dns": {
+ "dns.response_to": "48080",
+ "dns.time": "0.000729000",
+ "dns.id": "0x000004fd",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "1",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "dcp.cpp.philips.com: type A, class IN": {
+ "dns.qry.name": "dcp.cpp.philips.com",
+ "dns.qry.name.len": "19",
+ "dns.count.labels": "4",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": {
+ "dns.resp.name": "dcp.cpp.philips.com",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "412",
+ "dns.resp.len": "4",
+ "dns.a": "5.79.62.93"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:37:53.461226000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510273.461226000",
+ "frame.time_delta": "5.280384000",
+ "frame.time_delta_displayed": "269.593998000",
+ "frame.time_relative": "52561.056022000",
+ "frame.number": "48304",
+ "frame.len": "76",
+ "frame.cap_len": "76",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "00:17:88:69:ee:e4",
+ "eth.src_tree": {
+ "eth.src_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "62",
+ "ip.id": "0x00000e4c",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x0000aa71",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.src_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "ip.dst": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.dst_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "49801",
+ "udp.dstport": "53",
+ "udp.port": "49801",
+ "udp.port": "53",
+ "udp.length": "42",
+ "udp.checksum": "0x00009630",
+ "udp.checksum.status": "2",
+ "udp.stream": "467"
+ },
+ "dns": {
+ "dns.response_in": "48305",
+ "dns.id": "0x000004fe",
+ "dns.flags": "0x00000100",
+ "dns.flags_tree": {
+ "dns.flags.response": "0",
+ "dns.flags.opcode": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.z": "0",
+ "dns.flags.checkdisable": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "0",
+ "dns.count.auth_rr": "0",
+ "dns.count.add_rr": "0",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ }
+ }
+ }
+ }
+ }
+ ,
+ {
+ "_index": "packets-2017-10-26",
+ "_type": "pcap_file",
+ "_score": null,
+ "_source": {
+ "layers": {
+ "frame": {
+ "frame.encap_type": "1",
+ "frame.time": "Oct 20, 2017 07:37:53.467660000 PDT",
+ "frame.offset_shift": "0.000000000",
+ "frame.time_epoch": "1508510273.467660000",
+ "frame.time_delta": "0.006434000",
+ "frame.time_delta_displayed": "0.006434000",
+ "frame.time_relative": "52561.062456000",
+ "frame.number": "48305",
+ "frame.len": "513",
+ "frame.cap_len": "513",
+ "frame.marked": "0",
+ "frame.ignored": "0",
+ "frame.protocols": "eth:ethertype:ip:udp:dns",
+ "frame.coloring_rule.name": "UDP",
+ "frame.coloring_rule.string": "udp"
+ },
+ "eth": {
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.dst_tree": {
+ "eth.dst_resolved": "PhilipsL_69:ee:e4",
+ "eth.addr": "00:17:88:69:ee:e4",
+ "eth.addr_resolved": "PhilipsL_69:ee:e4",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.src": "b0:b9:8a:73:69:8e",
+ "eth.src_tree": {
+ "eth.src_resolved": "Netgear_73:69:8e",
+ "eth.addr": "b0:b9:8a:73:69:8e",
+ "eth.addr_resolved": "Netgear_73:69:8e",
+ "eth.lg": "0",
+ "eth.ig": "0"
+ },
+ "eth.type": "0x00000800"
+ },
+ "ip": {
+ "ip.version": "4",
+ "ip.hdr_len": "20",
+ "ip.dsfield": "0x00000000",
+ "ip.dsfield_tree": {
+ "ip.dsfield.dscp": "0",
+ "ip.dsfield.ecn": "0"
+ },
+ "ip.len": "499",
+ "ip.id": "0x00001912",
+ "ip.flags": "0x00000002",
+ "ip.flags_tree": {
+ "ip.flags.rb": "0",
+ "ip.flags.df": "1",
+ "ip.flags.mf": "0"
+ },
+ "ip.frag_offset": "0",
+ "ip.ttl": "64",
+ "ip.proto": "17",
+ "ip.checksum": "0x00009df6",
+ "ip.checksum.status": "2",
+ "ip.src": "192.168.0.1",
+ "ip.addr": "192.168.0.1",
+ "ip.src_host": "192.168.0.1",
+ "ip.host": "192.168.0.1",
+ "ip.dst": "192.168.0.160",
+ "ip.addr": "192.168.0.160",
+ "ip.dst_host": "192.168.0.160",
+ "ip.host": "192.168.0.160",
+ "Source GeoIP: Unknown": "",
+ "Destination GeoIP: Unknown": ""
+ },
+ "udp": {
+ "udp.srcport": "53",
+ "udp.dstport": "49801",
+ "udp.port": "53",
+ "udp.port": "49801",
+ "udp.length": "479",
+ "udp.checksum": "0x000083e2",
+ "udp.checksum.status": "2",
+ "udp.stream": "467"
+ },
+ "dns": {
+ "dns.response_to": "48304",
+ "dns.time": "0.006434000",
+ "dns.id": "0x000004fe",
+ "dns.flags": "0x00008180",
+ "dns.flags_tree": {
+ "dns.flags.response": "1",
+ "dns.flags.opcode": "0",
+ "dns.flags.authoritative": "0",
+ "dns.flags.truncated": "0",
+ "dns.flags.recdesired": "1",
+ "dns.flags.recavail": "1",
+ "dns.flags.z": "0",
+ "dns.flags.authenticated": "0",
+ "dns.flags.checkdisable": "0",
+ "dns.flags.rcode": "0"
+ },
+ "dns.count.queries": "1",
+ "dns.count.answers": "4",
+ "dns.count.auth_rr": "9",
+ "dns.count.add_rr": "9",
+ "Queries": {
+ "www2.meethue.com: type A, class IN": {
+ "dns.qry.name": "www2.meethue.com",
+ "dns.qry.name.len": "16",
+ "dns.count.labels": "3",
+ "dns.qry.type": "1",
+ "dns.qry.class": "0x00000001"
+ }
+ },
+ "Answers": {
+ "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": {
+ "dns.resp.name": "www2.meethue.com",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "128",
+ "dns.resp.len": "41",
+ "dns.cname": "brands.lighting.philips.com.edgekey.net"
+ },
+ "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": {
+ "dns.resp.name": "brands.lighting.philips.com.edgekey.net",
+ "dns.resp.type": "5",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "4319",
+ "dns.resp.len": "22",
+ "dns.cname": "e15361.b.akamaiedge.net"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.125"
+ },
+ "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": {
+ "dns.resp.name": "e15361.b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "20",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.112"
+ }
+ },
+ "Authoritative nameservers": {
+ "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n6b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n2b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "a0b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n4b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n5b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n1b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n7b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n3b.akamaiedge.net"
+ },
+ "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": {
+ "dns.resp.name": "b.akamaiedge.net",
+ "dns.resp.type": "2",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "2303",
+ "dns.resp.len": "6",
+ "dns.ns": "n0b.akamaiedge.net"
+ }
+ },
+ "Additional records": {
+ "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": {
+ "dns.resp.name": "n0b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3658",
+ "dns.resp.len": "4",
+ "dns.a": "88.221.81.192"
+ },
+ "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.191": {
+ "dns.resp.name": "n1b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6321",
+ "dns.resp.len": "4",
+ "dns.a": "96.17.70.191"
+ },
+ "n2b.akamaiedge.net: type A, class IN, addr 165.254.146.244": {
+ "dns.resp.name": "n2b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "6833",
+ "dns.resp.len": "4",
+ "dns.a": "165.254.146.244"
+ },
+ "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.109": {
+ "dns.resp.name": "n3b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3038",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.109"
+ },
+ "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.207": {
+ "dns.resp.name": "n4b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3940",
+ "dns.resp.len": "4",
+ "dns.a": "198.172.88.207"
+ },
+ "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.131": {
+ "dns.resp.name": "n5b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "7681",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.131"
+ },
+ "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.133": {
+ "dns.resp.name": "n6b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "3520",
+ "dns.resp.len": "4",
+ "dns.a": "173.223.52.133"
+ },
+ "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": {
+ "dns.resp.name": "n7b.akamaiedge.net",
+ "dns.resp.type": "1",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5538",
+ "dns.resp.len": "4",
+ "dns.a": "204.1.137.41"
+ },
+ "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": {
+ "dns.resp.name": "a0b.akamaiedge.net",
+ "dns.resp.type": "28",
+ "dns.resp.class": "0x00000001",
+ "dns.resp.ttl": "5335",
+ "dns.resp.len": "16",
+ "dns.aaaa": "2600:1480:e800::c0"
+ }
+ }
+ }
+ }
+ }
+ }
+]
--- /dev/null
+{
+ "0018c361-c05b-462b-80fd-924d0d90110f": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"74\", Nonce=\"5uz+9xSbrsC2F9UIj3EnlQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"U77HA2bdom8FQeQHHjOBKw==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45243,
+ "ts": "1508502803.048797000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "06c3f251-5dd2-429f-840c-7cee46775c08": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"51\", Nonce=\"IDqv9WAPICxSF9UIgYzuNQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"HO0GNANgmPqD3EsKDz11CQ==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45175,
+ "ts": "1508463201.902797000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "109a8616-e01e-47b1-a381-dc10de5c50a1": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"67\", Nonce=\"OeXj2KpCdTmVF9UIH/fp1g==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"v7WnBnxyc0rL6zBViUZt3Q==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45224,
+ "ts": "1508492002.667066000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "1146dff1-5bec-4a75-a7be-8e0607e2d79b": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"59\", Nonce=\"IIRRXKWHaLNzF9UIafRhqA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"Mb84RTuO7v9NBZI4u2KVow==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45199,
+ "ts": "1508477602.251054000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "17203fc4-cc9c-4ddc-b75d-828dadcd5707": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56971,
+ "ts": "1508500993.884194000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "1d146b55-7395-435d-8e03-d8747f6fc3ca": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56611,
+ "ts": "1508469852.249587000",
+ "uri": "/description.xml"
+ },
+ "1ea946a4-e4a6-4fa5-927e-4603e47d6251": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56609,
+ "ts": "1508469851.936530000",
+ "uri": "/description.xml"
+ },
+ "1f73b3b1-a13d-499c-8df9-32873a7c340e": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56968,
+ "ts": "1508500992.947109000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "21088abf-df7d-45e8-a028-edd22a383f65": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"63\", Nonce=\"0n/qkGVhjHaEF9UIbD9C0w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"a7dKjQVsYpg5YH/p9UfqmQ==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45212,
+ "ts": "1508484803.583720000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "215520aa-f1ea-4129-83c5-155fa84aa219": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56701,
+ "ts": "1508477534.895063000",
+ "uri": "/description.xml"
+ },
+ "297939f9-7e43-48ba-b44c-f05d590fac2f": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"72\", Nonce=\"jwevBP0xoV+uF9UI3sJnlA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"GCdNlUt1IhjIKFkIuQ8V8g==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45237,
+ "ts": "1508499204.343328000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "2aa32fd9-ca8e-4ec4-9ef7-0e56a508ce51": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56538,
+ "ts": "1508463913.265019000",
+ "uri": "/description.xml"
+ },
+ "2cecaffd-d363-401d-9b6f-1ca89d2b350b": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"60\", Nonce=\"T8McgxJ9HBR8F9UIHQxr3A==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"pB8wKvl1l7ugOuNTTS9oxQ==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45200,
+ "ts": "1508477602.669084000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "2f197b06-d092-427f-a92a-ba9b247e73d6": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 57055,
+ "ts": "1508509044.965021000",
+ "uri": "/description.xml"
+ },
+ "3010efcb-45f8-43fc-9443-8a3ba838ee9f": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56540,
+ "ts": "1508463914.137918000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "3236af6d-4542-4257-9087-bafcbbdb5de9": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56879,
+ "ts": "1508493119.264807000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "3acd5f57-061a-474b-bb89-5b65f5e549d3": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 57062,
+ "ts": "1508509045.921481000",
+ "uri": "/description.xml"
+ },
+ "3c1ba96c-4e39-439b-9ada-e6c66f6e0e7f": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 57072,
+ "ts": "1508509214.456013000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "3f95a4d2-9586-430c-a002-616896328da3": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"57\", Nonce=\"UKDWAA1aUlFrF9UItdlMsw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"PdwZCCElcnhZG70H7kTWtg==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45193,
+ "ts": "1508474003.675549000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "4b7c4441-ee52-4167-a7e3-f9b196e31cf2": {
+ "dst_ip": "130.211.67.12",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "connection": "close",
+ "content-type": "text/plain",
+ "host": "diagnostics.meethue.com:80",
+ "transfer-encoding": "chunked"
+ },
+ "host": "diagnostics.meethue.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 54159,
+ "ts": "1508461977.224826000",
+ "uri": "/bridges/fullconfig?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a2909c62693157c503a676c182a44daf78ddae30900de525cad753035de299958db2121a4284346b74371c889cfc5df609cb33d126e3051871163f5d767a9d53b72ae6e8901db39b90d2247db5cb734db1b8f18c37bfc23ed6091359629f8c68074ea0d7377c6da7b5b88bccda18a2e137e29f0bab89d64d94c2524b639e5712061b&i=e11f3860cfb5d8a0e502583853950fb6&auth=f66de122ea23c53e85a152b1be18131517dddef7"
+ },
+ "503b740d-2377-4ab3-b1c0-318522744453": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"55\", Nonce=\"LDg3BhU5Mu9iF9UIehwGlA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"yoodQRhNNMKwd6zmaU7QuA==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45187,
+ "ts": "1508470403.122955000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "515d8cf7-1847-4ac5-a62d-9fb279703109": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56697,
+ "ts": "1508477533.624722000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "5247061a-0a8d-4bc5-a7a5-71f86862d3e1": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"66\", Nonce=\"bSBJ+8tVRzmVF9UI+DCyBw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rLf0EDCXW2dxHEFY/c0lzg==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45219,
+ "ts": "1508488402.457324000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "54753c2d-6229-405d-8cbd-b54c2d464099": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56612,
+ "ts": "1508469853.385023000",
+ "uri": "/description.xml"
+ },
+ "562394f8-b1da-4002-9ad4-822c09bee722": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"52\", Nonce=\"+prNMq//zoxaF9UIAX4cmA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"PD/HP4NMadOITSv65W1NVQ==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45176,
+ "ts": "1508463202.320736000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "58c45fe4-76f3-4b37-a318-32c55384cc82": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"65\", Nonce=\"YbFoE9OcpdiMF9UI5i3Sxg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"2+jvV9CpnWbrY7RxSfhszw==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45218,
+ "ts": "1508488402.036753000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "5d624b10-ff7e-4134-a095-ebb132041283": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56537,
+ "ts": "1508463913.049301000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "5fc69874-d257-4986-8e73-81fe63d58a58": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56970,
+ "ts": "1508500993.744272000",
+ "uri": "/description.xml"
+ },
+ "6134fa96-2d71-4749-ab82-c9680631966d": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"49\", Nonce=\"pjd9TR/COapKF9UIvgMIbg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"cWIdFvlc1zTaM1lRh+sG1w==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45168,
+ "ts": "1508459603.327754000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "640baacd-ba1a-46ba-925f-1e7459564989": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56539,
+ "ts": "1508463913.918475000",
+ "uri": "/description.xml"
+ },
+ "6518d1b2-1015-4ec9-95ee-77e9830e115a": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56878,
+ "ts": "1508493119.118306000",
+ "uri": "/description.xml"
+ },
+ "6a4d30ba-1446-4921-84c1-fbbbf1a4f6e1": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56794,
+ "ts": "1508485432.979175000",
+ "uri": "/description.xml"
+ },
+ "6a7f595a-e223-45b3-97cc-48cad9d7c548": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 57073,
+ "ts": "1508509214.519479000",
+ "uri": "/description.xml"
+ },
+ "6cb61e21-61f1-4d86-8211-f8e52362755f": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56788,
+ "ts": "1508485431.641818000",
+ "uri": "/description.xml"
+ },
+ "6ce7eecd-fadf-45e2-9cea-fdd76d667be6": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"53\", Nonce=\"Aj6ghgnkEo1aF9UIkdJNZQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"9OaGG6mRlwNym3ixwA9ivw==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45181,
+ "ts": "1508466802.518608000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "6de21d41-d0c9-4504-bb60-86479bdd0d1f": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 57071,
+ "ts": "1508509214.280691000",
+ "uri": "/description.xml"
+ },
+ "6eac540f-2617-4caf-a777-158fa155a7e2": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"54\", Nonce=\"RnQj4ESU6O5iF9UIGxlBuw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"lFHZk7Y9NuBYpbyswcoUZw==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45182,
+ "ts": "1508466802.939248000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "706cc9e4-06a0-4260-a5fb-d1e5846b15fd": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56613,
+ "ts": "1508469853.515797000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "73768ca9-ada0-4930-9be5-a4ae242bc6e3": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56698,
+ "ts": "1508477533.627907000",
+ "uri": "/description.xml"
+ },
+ "75b2f21d-cafb-4fa2-a1be-86c8da9b7b9c": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56696,
+ "ts": "1508477533.470368000",
+ "uri": "/description.xml"
+ },
+ "773114f0-2158-4484-9905-0b2c23357138": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56881,
+ "ts": "1508493120.171827000",
+ "uri": "/description.xml"
+ },
+ "7a7d63cd-9a64-4c22-943c-2ff539fb0713": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"50\", Nonce=\"HYIu7st62itSF9UI1C0tnw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"AIJFnUuBeCAhSJwsSPPIJA==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45169,
+ "ts": "1508459603.745723000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "7bbe7675-bca6-480c-8b4c-372cfb412b65": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56700,
+ "ts": "1508477534.717225000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "7c0eac67-4f15-4fce-8443-ef89c391060b": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"70\", Nonce=\"w0E1Ikptdv2lF9UIt96XtA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"ZbLS0OUJ3WJY/VmOWlIEQg==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45231,
+ "ts": "1508495603.618857000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "80a3ebbb-6983-406f-8bfa-4c0e9ccca1f7": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"73\", Nonce=\"D/VVU+4V91+uF9UIMimHoA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"wTYNVcjDJuYaIlqPvDbd+Q==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45242,
+ "ts": "1508502802.629928000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "80ca0244-6b0d-4b4c-9672-c0e4d82ba48e": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"61\", Nonce=\"wrIsdgJIWhR8F9UIx6Nk6A==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rMFjUBkfbR8k+XM4J0Nk+A==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45205,
+ "ts": "1508481202.944385000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "8404af06-b8d8-4276-aea8-fee733250922": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56880,
+ "ts": "1508493119.423201000",
+ "uri": "/description.xml"
+ },
+ "87e491e1-d4e0-4248-8172-fa71bfbd2625": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56966,
+ "ts": "1508500992.697184000",
+ "uri": "/description.xml"
+ },
+ "8b7dcd6a-c592-42c6-8749-433f748ff589": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"77\", Nonce=\"v6de2RSqHCO/F9UIB9IETQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"Y2KkPRoOd5rN1bo4Bru7XQ==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45254,
+ "ts": "1508510003.723787000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "902ca1cf-b791-4fdd-bc7c-63eda786335d": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"69\", Nonce=\"O2nbMFG4qpudF9UI9et8gQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rE4BCqqoV5ApwZlmkzLx/A==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45230,
+ "ts": "1508495603.198446000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "94ca8be3-3c28-4fae-93da-2bdf41621ad0": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 57061,
+ "ts": "1508509045.209972000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "995abfd5-ed0b-4d4d-a9fe-1c09fb7f0baa": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56793,
+ "ts": "1508485432.751765000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "9aa6333b-b72b-455a-8135-c75c0c81ae72": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56702,
+ "ts": "1508477535.050616000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "9b7c2e45-6897-47f5-a3ac-60a88fd71525": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56610,
+ "ts": "1508469852.190570000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "a12bb9fa-49ec-4969-b687-18567f93d8a8": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 57065,
+ "ts": "1508509046.706024000",
+ "uri": "/description.xml"
+ },
+ "a1305724-ce2b-4ec0-96a1-56ffdada2782": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56791,
+ "ts": "1508485432.224563000",
+ "uri": "/description.xml"
+ },
+ "a4464775-d8d8-44fc-9215-94a4bfb5c26d": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"76\", Nonce=\"Txncu/KW2yK/F9UIeTMGug==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"Fn/fJIlXLMbcdiZ27pWNwQ==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45249,
+ "ts": "1508506403.694917000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "a61dd83c-6989-4559-9039-363dbeb54ab9": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56542,
+ "ts": "1508463914.840072000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "a9ce3646-8671-4c44-a14e-47a38d0a32e0": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"56\", Nonce=\"87rYprWmElFrF9UIyB2bjQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"5oOnGRHc4VVgOtmTGnSXSw==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45188,
+ "ts": "1508470403.541300000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "acd1abe3-3f2e-4656-8847-5c3213277d11": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56882,
+ "ts": "1508493120.316778000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "bc134e48-ab13-4e58-b132-dd6435f3ac2b": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"71\", Nonce=\"LtIwGyrkvv2lF9UIdFDgLg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"jTrgvKNNbcTEqXRajrcYKQ==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45236,
+ "ts": "1508499203.924411000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "bd3385cb-97f2-43ba-9639-b92249b43a20": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 57063,
+ "ts": "1508509046.116595000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "bffb106d-cfe8-4a1c-9f23-33fbd2d5e217": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56969,
+ "ts": "1508500993.623407000",
+ "uri": "/description.xml"
+ },
+ "c0838e3b-834e-413b-bcb8-d259b10616d1": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 57075,
+ "ts": "1508509215.520208000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "cacaff93-4fc0-4d24-a0db-83a437c22f8f": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"64\", Nonce=\"WIGvypHsZdiMF9UIrliQWQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"uf13Jx8s/eL7BiklzmuutQ==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45213,
+ "ts": "1508484804.000058000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "cb89a141-47e7-48e2-86bb-998e956c390a": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56614,
+ "ts": "1508469853.818103000",
+ "uri": "/description.xml"
+ },
+ "d798cc2e-b848-416a-ae9f-0feb5c5cc83a": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 57074,
+ "ts": "1508509215.329645000",
+ "uri": "/description.xml"
+ },
+ "db713a11-86ca-4903-bf03-78c056424a33": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"68\", Nonce=\"pedBaQkJYZudF9UICPNNyA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rXzU3PkJXq66quYxt4dR0w==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45225,
+ "ts": "1508492003.083641000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "de22dff6-4385-4c1b-9c0e-647784497294": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56795,
+ "ts": "1508485433.142029000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "df5bcd9f-f274-4fff-b318-27fb659b6f59": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 57064,
+ "ts": "1508509046.116540000",
+ "uri": "/description.xml"
+ },
+ "e3d19c2c-b137-4756-919c-f70036e6ee04": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56615,
+ "ts": "1508469854.003616000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "e600104e-fbe8-4319-9d84-ca08047efd0f": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"75\", Nonce=\"8tOzN9657sC2F9UIl3ayqQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"OZk4/yc2TQeK7ph0tAkojA==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45248,
+ "ts": "1508506403.275265000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "e9139b55-7c4d-407f-aaeb-b4e748a066a3": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56792,
+ "ts": "1508485432.565257000",
+ "uri": "/description.xml"
+ },
+ "e9557ac5-4e07-4514-a804-1b0a69b99036": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"62\", Nonce=\"BdKCsHaZQHaEF9UI5C5bWQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"hZf/7zl4u0jeRzps/5PXjA==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45206,
+ "ts": "1508481203.365353000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "ed359f08-9716-46e9-b242-fa0a7ad74b32": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"58\", Nonce=\"rSl/kVJvL7NzF9UIfuR6vQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"F1ymgtXGLgEjjsJtNRm7jQ==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45194,
+ "ts": "1508474004.097958000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "edbec7e3-ab76-4c3d-92cf-afbf3a717665": {
+ "dst_ip": "130.211.67.12",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "connection": "close",
+ "content-type": "text/plain",
+ "host": "diagnostics.meethue.com:80",
+ "transfer-encoding": "chunked"
+ },
+ "host": "diagnostics.meethue.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 54196,
+ "ts": "1508483525.057124000",
+ "uri": "/bridges/ws/stats?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a2909c62693157c503a676c182a44daf78ddae30900de525cad753035de299958db2121a4284346b74371c889cfc5df609cb33d126e3051871163f5d767a9d53b72ae6e8901db39b90d2247db5cb734db1b8f18c37bfc23ed6091359629f8c68074ea0d7377c6da7b5b88bccda18a2e137e29f0bab89d64d94c2524b639e5712061b&i=aa75654336d2f72df5b22d857fe4e512&auth=c0692053fa23c4a9704396bc516c1287a38e4b38"
+ },
+ "ee7a172f-4939-42b3-90c4-f14569632c3d": {
+ "dst_ip": "5.79.62.93",
+ "dst_port": 80,
+ "eth.dst": "b0:b9:8a:73:69:8e",
+ "eth.src": "00:17:88:69:ee:e4",
+ "headers": {
+ "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"78\", Nonce=\"z9B2roxq4oTHF9UICymJ7Q==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"okPL+Sx5SKAgjONdFT54nQ==\"",
+ "connection": "close",
+ "content-length": "1328",
+ "content-type": "application/CB-Encrypted; cipher=AES",
+ "host": "dcp.cpp.philips.com:80"
+ },
+ "host": "dcp.cpp.philips.com:80",
+ "method": "POST",
+ "src_ip": "192.168.0.160",
+ "src_port": 45255,
+ "ts": "1508510004.140691000",
+ "uri": "/DcpRequestHandler/index.ashx"
+ },
+ "f1b63783-f5dd-4a48-ad04-40b447f2adf7": {
+ "dst_ip": "192.168.0.226",
+ "dst_port": 49153,
+ "eth.dst": "94:10:3e:36:60:09",
+ "eth.src": "d0:52:a8:a3:60:0f",
+ "headers": {
+ "content-length": "277",
+ "content-type": "text/xml; charset=\"utf-8\"",
+ "host": "192.168.0.226:49153",
+ "soapaction": "\"urn:Belkin:service:basicevent:1#GetBinaryState\"",
+ "user-agent": "CyberGarage-HTTP/1.0"
+ },
+ "host": "192.168.0.226:49153",
+ "method": "POST",
+ "src_ip": "192.168.0.243",
+ "src_port": 51912,
+ "ts": "1508472514.240077000",
+ "uri": "/upnp/control/basicevent1"
+ },
+ "f8607e7e-d759-4f28-95c4-9cb58fa19e67": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56541,
+ "ts": "1508463914.706660000",
+ "uri": "/description.xml"
+ },
+ "fa94b3a9-8cbd-4782-a151-a274592aeeb4": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56536,
+ "ts": "1508463912.908377000",
+ "uri": "/description.xml"
+ },
+ "fb58b8af-4bd8-443f-a9b1-9143aca25692": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56699,
+ "ts": "1508477534.524516000",
+ "uri": "/description.xml"
+ },
+ "fc44d4d5-0fff-4c2a-b246-1a3a2c162409": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 56790,
+ "ts": "1508485431.919622000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ },
+ "fe685706-cfaa-4b66-9959-1fe78bbbd89a": {
+ "dst_ip": "192.168.0.160",
+ "dst_port": 80,
+ "eth.dst": "00:17:88:69:ee:e4",
+ "eth.src": "68:37:e9:d2:26:0d",
+ "headers": {
+ "accept": "*/*",
+ "host": "192.168.0.160"
+ },
+ "host": "192.168.0.160",
+ "method": "GET",
+ "src_ip": "192.168.0.227",
+ "src_port": 57066,
+ "ts": "1508509046.856076000",
+ "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
+ }
+}
\ No newline at end of file
--- /dev/null
+#!/usr/local/bin/python2.7
+
+""" -----------------------------------------------------------------------------
+ CAPture - a pcap file analyzer and report generator
+ (c) 2017 - Rahmadi Trimananda
+ University of California, Irvine - Programming Language and Systems
+ -----------------------------------------------------------------------------
+ Credits to tutorial: https://dpkt.readthedocs.io/en/latest/
+ -----------------------------------------------------------------------------
+"""
+
+import datetime
+import dpkt
+from dpkt.compat import compat_ord
+
+import socket
+import sys
+
+""" -----------------------------------------------------------------------------
+ Global variable declarations
+ -----------------------------------------------------------------------------
+"""
+# Command line arguments
+INPUT = "-i"
+OUTPUT = "-o"
+POINT_TO_MANY = "-pm"
+VERBOSE = "-v"
+
+
+def mac_addr(address):
+ # Courtesy of: https://dpkt.readthedocs.io/en/latest/
+ """ Convert a MAC address to a readable/printable string
+ Args:
+ address (str): a MAC address in hex form (e.g. '\x01\x02\x03\x04\x05\x06')
+ Returns:
+ str: Printable/readable MAC address
+ """
+ return ':'.join('%02x' % compat_ord(b) for b in address)
+
+
+def inet_to_str(inet):
+ # Courtesy of: https://dpkt.readthedocs.io/en/latest/
+ """ Convert inet object to a string
+ Args:
+ inet (inet struct): inet network address
+ Returns:
+ str: Printable/readable IP address
+ """
+ # First try ipv4 and then ipv6
+ try:
+ return socket.inet_ntop(socket.AF_INET, inet)
+ except ValueError:
+ return socket.inet_ntop(socket.AF_INET6, inet)
+
+
+def show_usage():
+ """ Show usage of this Python script
+ """
+ print "Usage: python CAPture.py [ -i <file-name>.pcap ] [ -o <file-name>.pcap ] [ -pm ] [ -v ]"
+ print
+ print "[ -o ] = output file"
+ print "[ -pm ] = point-to-many analysis"
+ print "[ -v ] = verbose output"
+ print "By default, this script does simple statistical analysis of IP, TCP, and UDP packets."
+ print "(c) 2017 - University of California, Irvine - Programming Language and Systems"
+
+
+def show_progress(verbose, counter):
+ """ Show packet processing progress
+ Args:
+ verbose: verbose output (True/False)
+ counter: counter of all packets
+ """
+ if verbose:
+ print "Processing packet number: ", counter
+ else:
+ if counter % 100000 == 0:
+ print "Processing %s packets..." % counter
+
+
+def show_summary(counter, ip_counter, tcp_counter, udp_counter):
+ """ Show summary of statistics of PCAP file
+ Args:
+ counter: counter of all packets
+ ip_counter: counter of all IP packets
+ tcp_counter: counter of all TCP packets
+ udp_counter: counter of all UDP packets
+ """
+ print
+ print "Total number of packets in the pcap file: ", counter
+ print "Total number of ip packets: ", ip_counter
+ print "Total number of tcp packets: ", tcp_counter
+ print "Total number of udp packets: ", udp_counter
+ print
+
+
+def save_to_file(tbl_header, dictionary, filename_out):
+ """ Show summary of statistics of PCAP file
+ Args:
+ tbl_header: header for the saved table
+ dictionary: dictionary to be saved
+ filename_out: file name to save
+ """
+ # Appending, not overwriting!
+ f = open(filename_out, 'a')
+ # Write the table header
+ f.write("\n\n" + str(tbl_header) + "\n");
+ # Iterate over dictionary and write (key, value) pairs
+ for key, value in dictionary.iteritems():
+ f.write(str(key) + ", " + str(value) + "\n")
+
+ f.close()
+ print "Writing output to file: ", filename_out
+
+
+def statistical_analysis(verbose, pcap, counter, ip_counter, tcp_counter, udp_counter):
+ """ This is the default analysis of packet statistics (generic)
+ Args:
+ verbose: verbose output (True/False)
+ pcap: object that handles PCAP file content
+ counter: counter of all packets
+ ip_counter: counter of all IP packets
+ tcp_counter: counter of all TCP packets
+ udp_counter: counter of all UDP packets
+ """
+ for time_stamp, packet in pcap:
+
+ counter += 1
+ eth = dpkt.ethernet.Ethernet(packet)
+
+ if verbose:
+ # Print out the timestamp in UTC
+ print "Timestamp: ", str(datetime.datetime.utcfromtimestamp(time_stamp))
+ # Print out the MAC addresses
+ print "Ethernet frame: ", mac_addr(eth.src), mac_addr(eth.dst), eth.data.__class__.__name__
+
+ # Process only IP data
+ if not isinstance(eth.data, dpkt.ip.IP):
+
+ is_ip = False
+ if verbose:
+ print "Non IP packet type not analyzed... skipping..."
+ else:
+ is_ip = True
+
+ if is_ip:
+ ip = eth.data
+ ip_counter += 1
+
+ # Pull out fragment information (flags and offset all packed into off field, so use bitmasks)
+ do_not_fragment = bool(ip.off & dpkt.ip.IP_DF)
+ more_fragments = bool(ip.off & dpkt.ip.IP_MF)
+ fragment_offset = ip.off & dpkt.ip.IP_OFFMASK
+
+ if verbose:
+ # Print out the complete IP information
+ print "IP: %s -> %s (len=%d ttl=%d DF=%d MF=%d offset=%d)\n" % \
+ (inet_to_str(ip.src), inet_to_str(ip.dst), ip.len, ip.ttl, do_not_fragment,
+ more_fragments, fragment_offset)
+
+ # Count TCP packets
+ if ip.p == dpkt.ip.IP_PROTO_TCP:
+ tcp_counter += 1
+
+ # Count UDP packets
+ if ip.p == dpkt.ip.IP_PROTO_UDP:
+ udp_counter += 1
+
+ show_progress(verbose, counter)
+
+ # Print general statistics
+ show_summary(counter, ip_counter, tcp_counter, udp_counter)
+
+
+def point_to_many_analysis(filename_out, dev_add, verbose, pcap, counter, ip_counter,
+ tcp_counter, udp_counter):
+ """ This analysis presents how 1 device (MAC address or IP address) communicates
+ to every other device in the analyzed PCAP file.
+ Args:
+ dev_add: device address (MAC or IP address)
+ verbose: verbose output (True/False)
+ pcap: object that handles PCAP file content
+ counter: counter of all packets
+ ip_counter: counter of all IP packets
+ tcp_counter: counter of all TCP packets
+ udp_counter: counter of all UDP packets
+ """
+ # Dictionary that preserves the mapping between destination address to frequency
+ mac2freq = dict()
+ ip2freq = dict()
+ for time_stamp, packet in pcap:
+
+ counter += 1
+ eth = dpkt.ethernet.Ethernet(packet)
+
+ # Save the timestamp and MAC addresses
+ tstamp = str(datetime.datetime.utcfromtimestamp(time_stamp))
+ mac_src = mac_addr(eth.src)
+ mac_dst = mac_addr(eth.dst)
+
+ # Process only IP data
+ if not isinstance(eth.data, dpkt.ip.IP):
+
+ is_ip = False
+ if verbose:
+ print "Non IP packet type not analyzed... skipping..."
+ print
+ else:
+ is_ip = True
+
+ if is_ip:
+ ip = eth.data
+ ip_counter += 1
+
+ # Pull out fragment information (flags and offset all packed into off field, so use bitmasks)
+ do_not_fragment = bool(ip.off & dpkt.ip.IP_DF)
+ more_fragments = bool(ip.off & dpkt.ip.IP_MF)
+ fragment_offset = ip.off & dpkt.ip.IP_OFFMASK
+
+ # Save IP addresses
+ ip_src = inet_to_str(ip.src)
+ ip_dst = inet_to_str(ip.dst)
+
+ if verbose:
+ # Print out the complete IP information
+ print "IP: %s -> %s (len=%d ttl=%d DF=%d MF=%d offset=%d)\n" % \
+ (ip_src, ip_dst, ip.len, ip.ttl, do_not_fragment,
+ more_fragments, fragment_offset)
+
+ # Categorize packets based on source device address
+ # Save the destination device addresses (point-to-many)
+ if dev_add == ip_src:
+ if ip_dst in ip2freq:
+ freq = ip2freq[ip_dst]
+ ip2freq[ip_dst] = freq + 1
+ else:
+ ip2freq[ip_dst] = 1
+
+ if dev_add == mac_src:
+ if mac_dst in ip2freq:
+ freq = mac2freq[mac_dst]
+ mac2freq[mac_dst] = freq + 1
+ else:
+ mac2freq[mac_dst] = 1
+
+ # Count TCP packets
+ if ip.p == dpkt.ip.IP_PROTO_TCP:
+ tcp_counter += 1
+
+ # Count UDP packets
+ if ip.p == dpkt.ip.IP_PROTO_UDP:
+ udp_counter += 1
+
+ show_progress(verbose, counter)
+
+ # Print general statistics
+ show_summary(counter, ip_counter, tcp_counter, udp_counter)
+ # Save results into file if filename_out is not empty
+ if not filename_out == "":
+ print "Saving results into file: ", filename_out
+ ip_tbl_header = "Point-to-many Analysis - IP destinations for " + dev_add
+ mac_tbl_header = "Point-to-many Analysis - MAC destinations for " + dev_add
+ save_to_file(ip_tbl_header, ip2freq, filename_out)
+ save_to_file(mac_tbl_header, mac2freq, filename_out)
+ else:
+ print "Output file name is not specified... exitting now!"
+
+
+def parse_cli_args(argv):
+ """ Parse command line arguments and store them in a dictionary
+ Args:
+ argv: list of command line arguments and their values
+ Returns:
+ str: dictionary that maps arguments to their values
+ """
+ options = dict()
+ # First argument is "CAPture.py", so skip it
+ argv = argv[1:]
+ # Loop and collect arguments and their values
+ while argv:
+ print "Examining argument: ", argv[0]
+ # Check the first character of each argv list
+ # If it is a '-' then it is a command line argument
+ if argv[0][0] == '-':
+ if argv[0] == VERBOSE:
+ # We don't have value for the argument VERBOSE
+ options[argv[0]] = argv[0]
+ # Remove one command line argument and its value
+ argv = argv[1:]
+ else:
+ options[argv[0]] = argv[1]
+ # Remove one command line argument and its value
+ argv = argv[2:]
+
+ return options
+
+
+""" -----------------------------------------------------------------------------
+ Main Running Methods
+ -----------------------------------------------------------------------------
+"""
+def main():
+ # Variable declarations
+ global CAP_EXTENSION
+ global PCAP_EXTENSION
+ global VERBOSE
+ global POINT_TO_MANY
+
+ # Counters
+ counter = 0
+ ip_counter = 0
+ tcp_counter = 0
+ udp_counter = 0
+ # Booleans as flags
+ verbose = False
+ is_ip = True
+ is_statistical_analysis = True
+ is_point_to_many_analysis = False
+ # Names
+ filename_in = ""
+ filename_out = ""
+ dev_add = ""
+
+ # Welcome message
+ print
+ print "Welcome to CAPture version 1.0 - A PCAP file instant analyzer!"
+
+ # Get file name from user input
+ # Show usage if file name is not specified (only accept 1 file name for now)
+ if len(sys.argv) < 2:
+ show_usage()
+ print
+ return
+
+ # Check and process sys.argv
+ options = parse_cli_args(sys.argv)
+ for key, value in options.iteritems():
+ # Process "-i" - input PCAP file
+ if key == INPUT:
+ filename_in = value
+ elif key == OUTPUT:
+ filename_out = value
+ elif key == VERBOSE:
+ verbose = True
+ elif key == POINT_TO_MANY:
+ is_statistical_analysis = False
+ is_point_to_many_analysis = True
+ dev_add = value
+
+ # Show manual again if input is not correct
+ if filename_in == "":
+ print "File name is empty!"
+ print
+ show_usage()
+ print
+ return
+
+ # dev_add is needed for these analyses
+ if is_point_to_many_analysis and dev_add == "":
+ print "Device address is empty!"
+ print
+ show_usage()
+ print
+ return
+
+ # One PCAP file name is specified - now analyze!
+ print "Analyzing PCAP file: ", filename_in
+
+ # Opening and analyzing PCAP file
+ f = open(filename_in,'rb')
+ pcap = dpkt.pcap.Reader(f)
+
+ # Choose from the existing options
+ if is_statistical_analysis:
+ statistical_analysis(verbose, pcap, counter, ip_counter, tcp_counter, udp_counter)
+ elif is_point_to_many_analysis:
+ point_to_many_analysis(filename_out, dev_add, verbose, pcap, counter, ip_counter,
+ tcp_counter, udp_counter)
+
+
+if __name__ == "__main__":
+ # call main function since this is being run as the start
+ main()
+
+
--- /dev/null
+#!/usr/bin/python
+
+"""
+Script that constructs a graph in which hosts are nodes.
+An edge between two hosts indicate that the hosts communicate.
+Hosts are labeled and identified by their IPs.
+The graph is written to a file in Graph Exchange XML format for later import and visual inspection in Gephi.
+
+The input to this script is the JSON output by extract_from_tshark.py by Anastasia Shuba.
+
+This script is a simplification of Milad Asgari's parser_data_to_gephi.py script.
+It serves as a baseline for future scripts that want to include more information in the graph.
+"""
+
+import socket
+import json
+import tldextract
+import networkx as nx
+import sys
+from decimal import *
+
+import parse_dns
+
+JSON_KEY_ETH_SRC = "eth.src"
+JSON_KEY_ETH_DST = "eth.dst"
+
+def parse_json(file_path):
+
+ device_dns_mappings = parse_dns.parse_json_dns("./dns.json")
+
+ # Init empty graph
+ G = nx.DiGraph()
+ with open(file_path) as jf:
+ # Read JSON.
+ # data becomes reference to root JSON object (or in our case json array)
+ data = json.load(jf)
+ # Loop through json objects in data
+ for k in data:
+ # Fetch timestamp of packet
+ packet_timestamp = Decimal(data[k]["ts"])
+ # Fetch eth source and destination info
+ eth_src = data[k][JSON_KEY_ETH_SRC]
+ eth_dst = data[k][JSON_KEY_ETH_DST]
+ # Traffic can be both outbound and inbound.
+ # Determine which one of the two by looking up device MAC in DNS map.
+ iot_device = None
+ if eth_src in device_dns_mappings:
+ iot_device = eth_src
+ elif eth_dst in device_dns_mappings:
+ iot_device = eth_dst
+ else:
+ print "[ WARNING: DNS mapping not found for device with MAC", eth_src, "OR", eth_dst, "]"
+ # This must be local communication between two IoT devices OR an IoT device talking to a hardcoded IP.
+ # For now let's assume local communication.
+ # Add a node for each device and an edge between them.
+ G.add_node(eth_src)
+ G.add_node(eth_dst)
+ G.add_edge(eth_src, eth_dst)
+ # TODO add regex check on src+dst IP to figure out if hardcoded server IP (e.g. check if one of the two are NOT a 192.168.x.y IP)
+ continue
+ # It is outbound traffic if iot_device matches src, otherwise it must be inbound traffic.
+ outbound_traffic = iot_device == eth_src
+
+ ''' Graph construction '''
+ # No need to check if the Nodes and/or Edges we add already exist:
+ # NetworkX won't add already existing nodes/edges (except in the case of a MultiGraph or MultiDiGraph (see NetworkX doc)).
+
+ # Add a node for each host.
+ # First add node for IoT device.
+ G.add_node(iot_device)
+ # Then add node for the server.
+ # For this we need to distinguish between outbound and inbound traffic so that we look up the proper IP in our DNS map.
+ # For outbound traffic, the server's IP is the destination IP.
+ # For inbound traffic, the server's IP is the source IP.
+ server_ip = data[k]["dst_ip"] if outbound_traffic else data[k]["src_ip"]
+ hostname = device_dns_mappings[iot_device].hostname_for_ip_at_time(server_ip, packet_timestamp)
+ if hostname is None:
+ # TODO this can occur when two local devices communicate OR if IoT device has hardcoded server IP.
+ # However, we only get here for the DNS that have not performed any DNS lookups
+ # We should use a regex check early in the loop to see if it is two local devices communicating.
+ # This way we would not have to consider these corner cases later on.
+ print "[ WARNING: no ip-hostname mapping found for ip", server_ip, " -- adding eth.src->eth.dst edge, but note that this may be incorrect if IoT device has hardcoded server IP ]"
+ G.add_node(eth_src)
+ G.add_node(eth_dst)
+ G.add_edge(eth_src, eth_dst)
+ continue
+ G.add_node(hostname)
+ # Connect the two nodes we just added.
+ if outbound_traffic:
+ G.add_edge(iot_device, hostname)
+ else:
+ G.add_edge(hostname, iot_device)
+ return G
+
+# ------------------------------------------------------
+# Not currently used.
+# Might be useful later on if we wish to resolve IPs.
+def get_domain(host):
+ ext_result = tldextract.extract(str(host))
+ # Be consistent with ReCon and keep suffix
+ domain = ext_result.domain + "." + ext_result.suffix
+ return domain
+
+def is_IP(addr):
+ try:
+ socket.inet_aton(addr)
+ return True
+ except socket.error:
+ return False
+# ------------------------------------------------------
+
+if __name__ == '__main__':
+ if len(sys.argv) < 3:
+ print "Usage:", sys.argv[0], "input_file output_file"
+ print "outfile_file should end in .gexf"
+ sys.exit(0)
+ # Input file: Path to JSON file generated from tshark JSON output using Anastasia's script (extract_from_tshark.py).
+ input_file = sys.argv[1]
+ print "[ input_file =", input_file, "]"
+ # Output file: Path to file where the Gephi XML should be written.
+ output_file = sys.argv[2]
+ print "[ output_file =", output_file, "]"
+ # Construct graph from JSON
+ G = parse_json(input_file)
+ # Write Graph in Graph Exchange XML format
+ nx.write_gexf(G, output_file)
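Review bot: In `parse_json`, the `hostname is None` branch draws the flow as `eth_src -> eth_dst` and drops `server_ip` from the graph. For off-link traffic `eth_dst` is presumably the gateway's MAC, so a device that contacts a hard-coded server IP without a DNS lookup ends up as an edge to the router, and the remote endpoint never appears. The warning text in that branch already flags these flows as possibly wrong, and they are the ones a traffic analyst most needs to see. Keeping the endpoint is a one-line change in place of the three MAC-based calls: `G.add_edge(iot_device, server_ip) if outbound_traffic else G.add_edge(server_ip, iot_device)`. Indentation is flattened on this page, so the branch boundaries here are read from the comments and the `continue` statements.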
--- /dev/null
+#!/usr/bin/python\r
+\r
+"""\r
+Script used to extract only the needed information from JSON packet traces generated by\r
+tshark from PCAPNG format\r
+"""\r
+\r
+import os, sys\r
+import json\r
+import uuid\r
+\r
+from collections import OrderedDict\r
+\r
+json_key_source = "_source"\r
+json_key_layers = "layers"\r
+\r
+json_key_ip = "ip"\r
+json_key_tcp = "tcp"\r
+\r
+json_key_http = "http"\r
+json_key_method = "method"\r
+json_key_uri = "uri"\r
+json_key_headers = "headers"\r
+json_key_host = "host"\r
+\r
+json_key_http_req = json_key_http + ".request."\r
+json_key_http_req_method = json_key_http_req + json_key_method\r
+json_key_http_req_uri = json_key_http_req + json_key_uri\r
+json_key_http_req_line = json_key_http_req + "line"\r
+\r
+json_key_pkt_comment = "pkt_comment"\r
+\r
+json_key_frame = "frame"\r
+json_key_frame_num = json_key_frame + ".number"\r
+json_key_frame_comment = json_key_frame + ".comment"\r
+json_key_frame_ts = json_key_frame + ".time_epoch"\r
+\r
+\r
+JSON_KEY_ETH = "eth"\r
+JSON_KEY_ETH_SRC = "eth.src"\r
+JSON_KEY_ETH_DST = "eth.dst"\r
+\r
+\r
+def make_unique(key, dct):\r
+ counter = 0\r
+ unique_key = key\r
+\r
+ while unique_key in dct:\r
+ counter += 1\r
+ unique_key = '{}_{}'.format(key, counter)\r
+ return unique_key\r
+\r
+\r
+def parse_object_pairs(pairs):\r
+ dct = OrderedDict()\r
+ for key, value in pairs:\r
+ if key in dct:\r
+ key = make_unique(key, dct)\r
+ dct[key] = value\r
+\r
+ return dct\r
+\r
+def change_file(fpath):\r
+ for fn in os.listdir(fpath):\r
+ full_path = fpath + '/' + fn\r
+\r
+ # Recursively go through all directories\r
+ if os.path.isdir(full_path):\r
+ change_file(full_path)\r
+ continue\r
+\r
+ print full_path\r
+ with open(full_path, "r+") as jf:\r
+ # Since certain json 'keys' appear multiple times in our data, we have to make them\r
+ # unique first (we can't use regular json.load() or we lose some data points). From:\r
+ # https://stackoverflow.com/questions/29321677/python-json-parser-allow-duplicate-keys\r
+ decoder = json.JSONDecoder(object_pairs_hook=parse_object_pairs)\r
+ pcap_data = decoder.decode(jf.read())\r
+\r
+ # Prepare new data structure for re-formatted JSON storage\r
+ data = {}\r
+ for packet in pcap_data:\r
+ layers = packet[json_key_source][json_key_layers]\r
+\r
+ # All captured traffic should have a frame + frame number, but check anyway\r
+ frame_num = " Frame: "\r
+ if json_key_frame not in layers or json_key_frame_num not in layers[json_key_frame]:\r
+ print "WARNING: could not find frame number! Using -1..."\r
+ frame_num = frame_num + "-1"\r
+ else:\r
+ # Save frame number for error-reporting\r
+ frame_num = frame_num + layers[json_key_frame][json_key_frame_num]\r
+\r
+ # All captured traffic should be IP, but check anyway\r
+ if not json_key_ip in layers:\r
+ print "WARNING: Non-IP traffic detected!" + frame_num\r
+ continue\r
+\r
+ # For now, focus on HTTP only\r
+ if json_key_tcp not in layers or json_key_http not in layers:\r
+ continue\r
+\r
+ # Fill our new JSON packet with TCP/IP info\r
+ new_packet = {}\r
+ new_packet["dst_ip"] = layers[json_key_ip][json_key_ip + ".dst"]\r
+ new_packet["dst_port"] = int(layers[json_key_tcp][json_key_tcp + ".dstport"])\r
+\r
+ # JV: Also include src so we can see what device initiates the traffic\r
+ new_packet["src_ip"] = layers[json_key_ip][json_key_ip + ".src"]\r
+ new_packet["src_port"] = int(layers[json_key_tcp][json_key_tcp + ".srcport"])\r
+ #JV: Also include eth soure/destination info so that we can map traffic to physical device using MAC\r
+ new_packet[JSON_KEY_ETH_SRC] = layers[JSON_KEY_ETH][JSON_KEY_ETH_SRC]\r
+ new_packet[JSON_KEY_ETH_DST] = layers[JSON_KEY_ETH][JSON_KEY_ETH_DST]\r
+\r
+ # Go through all HTTP fields and extract the ones that are needed\r
+ http_data = layers[json_key_http]\r
+ for http_key in http_data:\r
+ http_value = http_data[http_key]\r
+\r
+ if http_key.startswith(json_key_http_req_line):\r
+ header_line = http_value.split(":", 1)\r
+ if len(header_line) != 2:\r
+ print ("WARNING: could not parse header '" + str(header_line) + "'"\r
+ + frame_num)\r
+ continue\r
+\r
+ # Prepare container for HTTP headers\r
+ if json_key_headers not in new_packet:\r
+ new_packet[json_key_headers] = {}\r
+\r
+ # Use lower case for header keys to stay consistent with our other data\r
+ header_key = header_line[0].lower()\r
+\r
+ # Remove the trailing carriage return\r
+ header_val = header_line[1].strip()\r
+\r
+ # Save the header key-value pair\r
+ new_packet[json_key_headers][header_key] = header_val\r
+\r
+ # If this is the host header, we also save it to the main object\r
+ if header_key == json_key_host:\r
+ new_packet[json_key_host] = header_val\r
+\r
+ if json_key_http_req_method in http_value:\r
+ new_packet[json_key_method] = http_value[json_key_http_req_method]\r
+ if json_key_http_req_uri in http_value:\r
+ new_packet[json_key_uri] = http_value[json_key_http_req_uri]\r
+\r
+ # End of HTTP parsing\r
+\r
+ # Check that we found the minimum needed HTTP headers\r
+ if (json_key_uri not in new_packet or json_key_method not in new_packet or\r
+ json_key_host not in new_packet):\r
+ print "Missing some HTTP Headers!" + frame_num\r
+ continue\r
+\r
+ # Extract timestamp\r
+ if json_key_frame_ts not in layers[json_key_frame]:\r
+ print "WARNING: could not find timestamp!" + frame_num\r
+ continue\r
+\r
+ new_packet["ts"] = layers[json_key_frame][json_key_frame_ts]\r
+\r
+ # Create a unique key for each packet to keep consistent with ReCon\r
+ # Also good in case packets end up in different files\r
+ data[str(uuid.uuid4())] = new_packet\r
+\r
+ # Write the new data\r
+ #print json.dumps(data, sort_keys=True, indent=4)\r
+ jf.seek(0)\r
+ jf.write(json.dumps(data, sort_keys=True, indent=4))\r
+ jf.truncate()\r
+\r
+if __name__ == '__main__':\r
+ # Needed to re-use some JSON keys\r
+ change_file(sys.argv[1])
\ No newline at end of file
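Review bot: In `change_file`, the checks `if json_key_http_req_method in http_value:` and its `uri` twin appear to run for every HTTP field (indentation is flattened here, so their place inside the `for http_key` loop is assumed), including fields whose value is a plain string. On a string, `in` is a substring test, so a captured header value containing the text `http.request.method` passes the check and the `http_value[...]` index that follows raises TypeError. Because that text comes from captured traffic, a single packet can abort the whole directory walk. Guard both lookups with a type check, e.g. `if isinstance(http_value, dict) and json_key_http_req_method in http_value:`. Similarly, `layers[JSON_KEY_ETH]` and the later `layers[json_key_frame]` are indexed without the membership check that `ip`, `tcp` and `http` get, so a packet missing either layer raises KeyError even though the missing-frame case was meant to be tolerated with "-1".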