From: rtrimana
Date: Mon, 6 Nov 2017 18:12:10 +0000 (-0800)
Subject: Restructuring files and folders
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=60a643ee2dc29700849e61d9788cbbb9af419955;p=pingpong.git
Restructuring files and folders
---
diff --git a/CAPture.py b/CAPture.py
deleted file mode 100644
index 4d6972a..0000000
--- a/CAPture.py
+++ /dev/null
@@ -1,385 +0,0 @@ -#!/usr/local/bin/python2.7 - -""" ----------------------------------------------------------------------------- - CAPture - a pcap file analyzer and report generator - (c) 2017 - Rahmadi Trimananda - University of California, Irvine - Programming Language and Systems - ----------------------------------------------------------------------------- - Credits to tutorial: https://dpkt.readthedocs.io/en/latest/ - ----------------------------------------------------------------------------- -""" - -import datetime -import dpkt -from dpkt.compat import compat_ord - -import socket -import sys - -""" ----------------------------------------------------------------------------- - Global variable declarations - ----------------------------------------------------------------------------- -""" -# Command line arguments -INPUT = "-i" -OUTPUT = "-o" -POINT_TO_MANY = "-pm" -VERBOSE = "-v" - - -def mac_addr(address): - # Courtesy of: https://dpkt.readthedocs.io/en/latest/ - """ Convert a MAC address to a readable/printable string - Args: - address (str): a MAC address in hex form (e.g. '\x01\x02\x03\x04\x05\x06') - Returns: - str: Printable/readable MAC address - """ - return ':'.join('%02x' % compat_ord(b) for b in address) - - -def inet_to_str(inet): - # Courtesy of: https://dpkt.readthedocs.io/en/latest/ - """ Convert inet object to a string - Args: - inet (inet struct): inet network address - Returns: - str: Printable/readable IP address - """ - # First try ipv4 and then ipv6 - try: - return socket.inet_ntop(socket.AF_INET, inet) - except ValueError: - return socket.inet_ntop(socket.AF_INET6, inet) - - -def show_usage(): - """ Show usage of this Python script - """ - print "Usage: python CAPture.py [ -i .pcap ] [ -o .pcap ] [ -pm ] [ -v ]" - print - print "[ -o ] = output file" - print "[ -pm ] = point-to-many analysis" - print "[ -v ] = verbose output" - print "By default, this script does simple statistical analysis of IP, TCP, and UDP packets." 
- print "(c) 2017 - University of California, Irvine - Programming Language and Systems"
-
-
-def show_progress(verbose, counter):
- """ Show packet processing progress
- Args:
- verbose: verbose output (True/False)
- counter: counter of all packets
- """
- if verbose:
- print "Processing packet number: ", counter
- else:
- if counter % 100000 == 0:
- print "Processing %s packets..." % counter
-
-
-def show_summary(counter, ip_counter, tcp_counter, udp_counter):
- """ Show summary of statistics of PCAP file
- Args:
- counter: counter of all packets
- ip_counter: counter of all IP packets
- tcp_counter: counter of all TCP packets
- udp_counter: counter of all UDP packets
- """
- print
- print "Total number of packets in the pcap file: ", counter
- print "Total number of ip packets: ", ip_counter
- print "Total number of tcp packets: ", tcp_counter
- print "Total number of udp packets: ", udp_counter
- print
-
-
-def save_to_file(tbl_header, dictionary, filename_out):
- """ Show summary of statistics of PCAP file
- Args:
- tbl_header: header for the saved table
- dictionary: dictionary to be saved
- filename_out: file name to save
- """
- # Appending, not overwriting!
- f = open(filename_out, 'a')
- # Write the table header
- f.write("\n\n" + str(tbl_header) + "\n");
- # Iterate over dictionary and write (key, value) pairs
- for key, value in dictionary.iteritems():
- f.write(str(key) + ", " + str(value) + "\n")
-
- f.close()
- print "Writing output to file: ", filename_out
-
-
-def statistical_analysis(verbose, pcap, counter, ip_counter, tcp_counter, udp_counter):
- """ This is the default analysis of packet statistics (generic)
- Args:
- verbose: verbose output (True/False)
- pcap: object that handles PCAP file content
- counter: counter of all packets
- ip_counter: counter of all IP packets
- tcp_counter: counter of all TCP packets
- udp_counter: counter of all UDP packets
- """
- for time_stamp, packet in pcap:
-
- counter += 1
- eth = dpkt.ethernet.Ethernet(packet)
-
- if verbose:
- # Print out the timestamp in UTC
- print "Timestamp: ", str(datetime.datetime.utcfromtimestamp(time_stamp))
- # Print out the MAC addresses
- print "Ethernet frame: ", mac_addr(eth.src), mac_addr(eth.dst), eth.data.__class__.__name__
-
- # Process only IP data
- if not isinstance(eth.data, dpkt.ip.IP):
-
- is_ip = False
- if verbose:
- print "Non IP packet type not analyzed... skipping..."
- else:
- is_ip = True
-
- if is_ip:
- ip = eth.data
- ip_counter += 1
-
- # Pull out fragment information (flags and offset all packed into off field, so use bitmasks)
- do_not_fragment = bool(ip.off & dpkt.ip.IP_DF)
- more_fragments = bool(ip.off & dpkt.ip.IP_MF)
- fragment_offset = ip.off & dpkt.ip.IP_OFFMASK
-
- if verbose:
- # Print out the complete IP information
- print "IP: %s -> %s (len=%d ttl=%d DF=%d MF=%d offset=%d)\n" % \
- (inet_to_str(ip.src), inet_to_str(ip.dst), ip.len, ip.ttl, do_not_fragment,
- more_fragments, fragment_offset)
-
- # Count TCP packets
- if ip.p == dpkt.ip.IP_PROTO_TCP:
- tcp_counter += 1
-
- # Count UDP packets
- if ip.p == dpkt.ip.IP_PROTO_UDP:
- udp_counter += 1
-
- show_progress(verbose, counter)
-
- # Print general statistics
- show_summary(counter, ip_counter, tcp_counter, udp_counter)
-
-
-def point_to_many_analysis(filename_out, dev_add, verbose, pcap, counter, ip_counter,
- tcp_counter, udp_counter):
- """ This analysis presents how 1 device (MAC address or IP address) communicates
- to every other device in the analyzed PCAP file.
- Args:
- dev_add: device address (MAC or IP address)
- verbose: verbose output (True/False)
- pcap: object that handles PCAP file content
- counter: counter of all packets
- ip_counter: counter of all IP packets
- tcp_counter: counter of all TCP packets
- udp_counter: counter of all UDP packets
- """
- # Dictionary that preserves the mapping between destination address to frequency
- mac2freq = dict()
- ip2freq = dict()
- for time_stamp, packet in pcap:
-
- counter += 1
- eth = dpkt.ethernet.Ethernet(packet)
-
- # Save the timestamp and MAC addresses
- tstamp = str(datetime.datetime.utcfromtimestamp(time_stamp))
- mac_src = mac_addr(eth.src)
- mac_dst = mac_addr(eth.dst)
-
- # Process only IP data
- if not isinstance(eth.data, dpkt.ip.IP):
-
- is_ip = False
- if verbose:
- print "Non IP packet type not analyzed... skipping..."
- print
- else:
- is_ip = True
-
- if is_ip:
- ip = eth.data
- ip_counter += 1
-
- # Pull out fragment information (flags and offset all packed into off field, so use bitmasks)
- do_not_fragment = bool(ip.off & dpkt.ip.IP_DF)
- more_fragments = bool(ip.off & dpkt.ip.IP_MF)
- fragment_offset = ip.off & dpkt.ip.IP_OFFMASK
-
- # Save IP addresses
- ip_src = inet_to_str(ip.src)
- ip_dst = inet_to_str(ip.dst)
-
- if verbose:
- # Print out the complete IP information
- print "IP: %s -> %s (len=%d ttl=%d DF=%d MF=%d offset=%d)\n" % \
- (ip_src, ip_dst, ip.len, ip.ttl, do_not_fragment,
- more_fragments, fragment_offset)
-
- # Categorize packets based on source device address
- # Save the destination device addresses (point-to-many)
- if dev_add == ip_src:
- if ip_dst in ip2freq:
- freq = ip2freq[ip_dst]
- ip2freq[ip_dst] = freq + 1
- else:
- ip2freq[ip_dst] = 1
-
- if dev_add == mac_src:
- if mac_dst in ip2freq:
- freq = mac2freq[mac_dst]
- mac2freq[mac_dst] = freq + 1
- else:
- mac2freq[mac_dst] = 1
-
- # Count TCP packets
- if ip.p == dpkt.ip.IP_PROTO_TCP:
- tcp_counter += 1
-
- # Count UDP packets
- if ip.p == dpkt.ip.IP_PROTO_UDP:
- udp_counter += 1
-
- show_progress(verbose, counter)
-
- # Print general statistics
- show_summary(counter, ip_counter, tcp_counter, udp_counter)
- # Save results into file if filename_out is not empty
- if not filename_out == "":
- print "Saving results into file: ", filename_out
- ip_tbl_header = "Point-to-many Analysis - IP destinations for " + dev_add
- mac_tbl_header = "Point-to-many Analysis - MAC destinations for " + dev_add
- save_to_file(ip_tbl_header, ip2freq, filename_out)
- save_to_file(mac_tbl_header, mac2freq, filename_out)
- else:
- print "Output file name is not specified... exitting now!"
- - -def parse_cli_args(argv): - """ Parse command line arguments and store them in a dictionary - Args: - argv: list of command line arguments and their values - Returns: - str: dictionary that maps arguments to their values - """ - options = dict() - # First argument is "CAPture.py", so skip it - argv = argv[1:] - # Loop and collect arguments and their values - while argv: - print "Examining argument: ", argv[0] - # Check the first character of each argv list - # If it is a '-' then it is a command line argument - if argv[0][0] == '-': - if argv[0] == VERBOSE: - # We don't have value for the argument VERBOSE - options[argv[0]] = argv[0] - # Remove one command line argument and its value - argv = argv[1:] - else: - options[argv[0]] = argv[1] - # Remove one command line argument and its value - argv = argv[2:] - - return options - - -""" ----------------------------------------------------------------------------- - Main Running Methods - ----------------------------------------------------------------------------- -""" -def main(): - # Variable declarations - global CAP_EXTENSION - global PCAP_EXTENSION - global VERBOSE - global POINT_TO_MANY - - # Counters - counter = 0 - ip_counter = 0 - tcp_counter = 0 - udp_counter = 0 - # Booleans as flags - verbose = False - is_ip = True - is_statistical_analysis = True - is_point_to_many_analysis = False - # Names - filename_in = "" - filename_out = "" - dev_add = "" - - # Welcome message - print - print "Welcome to CAPture version 1.0 - A PCAP file instant analyzer!" 
-
- # Get file name from user input
- # Show usage if file name is not specified (only accept 1 file name for now)
- if len(sys.argv) < 2:
- show_usage()
- print
- return
-
- # Check and process sys.argv
- options = parse_cli_args(sys.argv)
- for key, value in options.iteritems():
- # Process "-i" - input PCAP file
- if key == INPUT:
- filename_in = value
- elif key == OUTPUT:
- filename_out = value
- elif key == VERBOSE:
- verbose = True
- elif key == POINT_TO_MANY:
- is_statistical_analysis = False
- is_point_to_many_analysis = True
- dev_add = value
-
- # Show manual again if input is not correct
- if filename_in == "":
- print "File name is empty!"
- print
- show_usage()
- print
- return
-
- # dev_add is needed for these analyses
- if is_point_to_many_analysis and dev_add == "":
- print "Device address is empty!"
- print
- show_usage()
- print
- return
-
- # One PCAP file name is specified - now analyze!
- print "Analyzing PCAP file: ", filename_in
-
- # Opening and analyzing PCAP file
- f = open(filename_in,'rb')
- pcap = dpkt.pcap.Reader(f)
-
- # Choose from the existing options
- if is_statistical_analysis:
- statistical_analysis(verbose, pcap, counter, ip_counter, tcp_counter, udp_counter)
- elif is_point_to_many_analysis:
- point_to_many_analysis(filename_out, dev_add, verbose, pcap, counter, ip_counter,
- tcp_counter, udp_counter)
-
-
-if __name__ == "__main__":
- # call main function since this is being run as the start
- main()
-
-
diff --git a/base_gefx_generator.py b/base_gefx_generator.py
deleted file mode 100644
index 703fe45..0000000
--- a/base_gefx_generator.py
+++ /dev/null
@@ -1,126 +0,0 @@
-#!/usr/bin/python
-
-"""
-Script that constructs a graph in which hosts are nodes.
-An edge between two hosts indicate that the hosts communicate.
-Hosts are labeled and identified by their IPs.
-The graph is written to a file in Graph Exchange XML format for later import and visual inspection in Gephi.
-
-The input to this script is the JSON output by extract_from_tshark.py by Anastasia Shuba.
-
-This script is a simplification of Milad Asgari's parser_data_to_gephi.py script.
-It serves as a baseline for future scripts that want to include more information in the graph.
-"""
-
-import socket
-import json
-import tldextract
-import networkx as nx
-import sys
-from decimal import *
-
-import parse_dns
-
-JSON_KEY_ETH_SRC = "eth.src"
-JSON_KEY_ETH_DST = "eth.dst"
-
-def parse_json(file_path):
-
- device_dns_mappings = parse_dns.parse_json_dns("./dns.json")
-
- # Init empty graph
- G = nx.DiGraph()
- with open(file_path) as jf:
- # Read JSON.
- # data becomes reference to root JSON object (or in our case json array)
- data = json.load(jf)
- # Loop through json objects in data
- for k in data:
- # Fetch timestamp of packet
- packet_timestamp = Decimal(data[k]["ts"])
- # Fetch eth source and destination info
- eth_src = data[k][JSON_KEY_ETH_SRC]
- eth_dst = data[k][JSON_KEY_ETH_DST]
- # Traffic can be both outbound and inbound.
- # Determine which one of the two by looking up device MAC in DNS map.
- iot_device = None
- if eth_src in device_dns_mappings:
- iot_device = eth_src
- elif eth_dst in device_dns_mappings:
- iot_device = eth_dst
- else:
- print "[ WARNING: DNS mapping not found for device with MAC", eth_src, "OR", eth_dst, "]"
- # This must be local communication between two IoT devices OR an IoT device talking to a hardcoded IP.
- # For now let's assume local communication.
- # Add a node for each device and an edge between them.
- G.add_node(eth_src)
- G.add_node(eth_dst)
- G.add_edge(eth_src, eth_dst)
- # TODO add regex check on src+dst IP to figure out if hardcoded server IP (e.g. check if one of the two are NOT a 192.168.x.y IP)
- continue
- # It is outbound traffic if iot_device matches src, otherwise it must be inbound traffic.
- outbound_traffic = iot_device == eth_src
-
- ''' Graph construction '''
- # No need to check if the Nodes and/or Edges we add already exist:
- # NetworkX won't add already existing nodes/edges (except in the case of a MultiGraph or MultiDiGraph (see NetworkX doc)).
-
- # Add a node for each host.
- # First add node for IoT device.
- G.add_node(iot_device)
- # Then add node for the server.
- # For this we need to distinguish between outbound and inbound traffic so that we look up the proper IP in our DNS map.
- # For outbound traffic, the server's IP is the destination IP.
- # For inbound traffic, the server's IP is the source IP.
- server_ip = data[k]["dst_ip"] if outbound_traffic else data[k]["src_ip"]
- hostname = device_dns_mappings[iot_device].hostname_for_ip_at_time(server_ip, packet_timestamp)
- if hostname is None:
- # TODO this can occur when two local devices communicate OR if IoT device has hardcoded server IP.
- # However, we only get here for the DNS that have not performed any DNS lookups
- # We should use a regex check early in the loop to see if it is two local devices communicating.
- # This way we would not have to consider these corner cases later on.
- print "[ WARNING: no ip-hostname mapping found for ip", server_ip, " -- adding eth.src->eth.dst edge, but note that this may be incorrect if IoT device has hardcoded server IP ]"
- G.add_node(eth_src)
- G.add_node(eth_dst)
- G.add_edge(eth_src, eth_dst)
- continue
- G.add_node(hostname)
- # Connect the two nodes we just added.
- if outbound_traffic:
- G.add_edge(iot_device, hostname)
- else:
- G.add_edge(hostname, iot_device)
- return G
-
-# ------------------------------------------------------
-# Not currently used.
-# Might be useful later on if we wish to resolve IPs.
-def get_domain(host):
- ext_result = tldextract.extract(str(host))
- # Be consistent with ReCon and keep suffix
- domain = ext_result.domain + "." + ext_result.suffix
- return domain
-
-def is_IP(addr):
- try:
- socket.inet_aton(addr)
- return True
- except socket.error:
- return False
-# ------------------------------------------------------
-
-if __name__ == '__main__':
- if len(sys.argv) < 3:
- print "Usage:", sys.argv[0], "input_file output_file"
- print "outfile_file should end in .gexf"
- sys.exit(0)
- # Input file: Path to JSON file generated from tshark JSON output using Anastasia's script (extract_from_tshark.py).
- input_file = sys.argv[1]
- print "[ input_file =", input_file, "]"
- # Output file: Path to file where the Gephi XML should be written.
- output_file = sys.argv[2]
- print "[ output_file =", output_file, "]"
- # Construct graph from JSON
- G = parse_json(input_file)
- # Write Graph in Graph Exchange XML format
- nx.write_gexf(G, output_file)
diff --git a/dns.json b/dns.json
deleted file mode 100644
index 43f3eb5..0000000
--- a/dns.json
+++ /dev/null
@@ -1,40632 +0,0 @@ -[ - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:07:51.560156000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508458071.560156000", - "frame.time_delta": "1.053360000", - "frame.time_delta_displayed": "0.000000000", - "frame.time_relative": "359.154952000", - "frame.number": "380", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000c5d4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f2e8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "35041", - "udp.dstport": "53", - "udp.port": "35041", - 
"udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000d04f", - "udp.checksum.status": "2", - "udp.stream": "19" - }, - "dns": { - "dns.response_in": "381", - "dns.id": "0x00000487", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:07:51.597999000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508458071.597999000", - "frame.time_delta": "0.037843000", - "frame.time_delta_displayed": "0.037843000", - "frame.time_relative": "359.192795000", - "frame.number": "381", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00001e6a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000989e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "35041", - "udp.port": "53", - "udp.port": "35041", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "19" - }, - "dns": { - "dns.response_to": "380", - "dns.time": "0.037843000", - "dns.id": "0x00000487", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "115", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - 
"brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "13313", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.113" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "485", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "485", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "485", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "485", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "485", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "485", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "485", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "485", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "485", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3795", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2515", - "dns.resp.len": "4", - "dns.a": "173.197.192.229" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3016", - "dns.resp.len": "4", - "dns.a": "173.197.192.229" - }, - "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": { - "dns.resp.name": "n3b.akamaiedge.net", - 
"dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3200", - "dns.resp.len": "4", - "dns.a": "165.254.134.241" - }, - "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2106", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3857", - "dns.resp.len": "4", - "dns.a": "204.1.137.33" - }, - "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3654", - "dns.resp.len": "4", - "dns.a": "165.254.16.95" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3718", - "dns.resp.len": "4", - "dns.a": "165.254.134.239" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2491", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:22:51.607393000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508458971.607393000", - "frame.time_delta": "4.029605000", - "frame.time_delta_displayed": "900.009394000", - "frame.time_relative": "1259.202189000", - "frame.number": "1239", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - 
"frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00000103", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b7ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57902", - "udp.dstport": "53", - "udp.port": "57902", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x00007701", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "dns": { - "dns.response_in": "1240", - "dns.id": "0x00000488", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": 
"www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:22:51.678853000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508458971.678853000", - "frame.time_delta": "0.071460000", - "frame.time_delta_displayed": "0.071460000", - "frame.time_relative": "1259.273649000", - "frame.number": "1240", - "frame.len": "467", - "frame.cap_len": "467", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "453", - "ip.id": "0x00004f7c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000067ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "57902", - "udp.port": "53", - "udp.port": "57902", - "udp.length": "433", - "udp.checksum": "0x000083b4", - "udp.checksum.status": "2", - "udp.stream": "36" - }, - "dns": { - "dns.response_to": "1239", - "dns.time": "0.071460000", - "dns.id": "0x00000488", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "8", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "115", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "12413", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.113" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - 
"dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "587", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "587", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "587", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "587", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "587", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "587", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "587", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class 
IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "587", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2895", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1615", - "dns.resp.len": "4", - "dns.a": "173.197.192.229" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2116", - "dns.resp.len": "4", - "dns.a": "173.197.192.229" - }, - "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2300", - "dns.resp.len": "4", - "dns.a": "165.254.134.241" - }, - "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1206", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2957", - "dns.resp.len": "4", - "dns.a": "204.1.137.33" - }, - "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2754", - "dns.resp.len": "4", - "dns.a": "165.254.16.95" - }, - "n7b.akamaiedge.net: type A, class IN, 
addr 165.254.134.239": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2818", - "dns.resp.len": "4", - "dns.a": "165.254.134.239" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:33:23.045476000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508459603.045476000", - "frame.time_delta": "1.106645000", - "frame.time_delta_displayed": "631.366623000", - "frame.time_relative": "1890.640272000", - "frame.number": "1873", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00001f1b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000999f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - 
"ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "44067", - "udp.dstport": "53", - "udp.port": "44067", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00001491", - "udp.checksum.status": "2", - "udp.stream": "51" - }, - "dns": { - "dns.response_in": "1874", - "dns.id": "0x00000489", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:33:23.047090000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508459603.047090000", - "frame.time_delta": "0.001614000", - "frame.time_delta_displayed": "0.001614000", - "frame.time_relative": "1890.641886000", - "frame.number": "1874", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x00002b52", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008d2e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "44067", - "udp.port": "53", - "udp.port": "44067", - "udp.length": "103", - "udp.checksum": "0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "51" - }, - "dns": { - "dns.response_to": "1873", - "dns.time": "0.001614000", - "dns.id": "0x00000489", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { - 
"dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "643", - "dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": "ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": "300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:33:23.048272000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508459603.048272000", - "frame.time_delta": "0.001182000", - "frame.time_delta_displayed": "0.001182000", - "frame.time_relative": "1890.643068000", - "frame.number": "1875", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00001f1c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000999e", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51510", - "udp.dstport": "53", - "udp.port": "51510", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000127d", - "udp.checksum.status": "2", - "udp.stream": "52" - }, - "dns": { - "dns.response_in": "1876", - "dns.id": "0x0000048a", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:33:23.049516000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508459603.049516000", - "frame.time_delta": "0.001244000", - "frame.time_delta_displayed": "0.001244000", - "frame.time_relative": "1890.644312000", - "frame.number": "1876", - "frame.len": "285", - "frame.cap_len": "285", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "271", - "ip.id": "0x00002b53", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008c99", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "51510", - "udp.port": "53", - "udp.port": "51510", - "udp.length": "251", - "udp.checksum": "0x000082fe", - "udp.checksum.status": "2", - "udp.stream": "52" - }, - "dns": { - "dns.response_to": "1875", - "dns.time": "0.001244000", - "dns.id": "0x0000048a", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": 
"19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "644", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "644", - "dns.resp.len": "10", - "dns.ns": "ns1.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "644", - "dns.resp.len": "6", - "dns.ns": "ns2.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "644", - "dns.resp.len": "6", - "dns.ns": "ns3.ext.philips.com" - } - }, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "155007", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3438", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3438", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": 
"ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "158626", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "151199", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "151199", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:33:23.470381000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508459603.470381000", - "frame.time_delta": "0.000880000", - "frame.time_delta_displayed": "0.420865000", - "frame.time_relative": "1891.065177000", - "frame.number": "1892", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00001f22", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009998", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "44843", - "udp.dstport": "53", - "udp.port": "44843", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00001187", - "udp.checksum.status": "2", - "udp.stream": "53" - }, - "dns": { - "dns.response_in": "1893", - "dns.id": "0x0000048b", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:33:23.470880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508459603.470880000", - "frame.time_delta": "0.000499000", - "frame.time_delta_displayed": "0.000499000", - "frame.time_relative": "1891.065676000", - "frame.number": "1893", - "frame.len": "79", - 
"frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00002b76", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008d44", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "44843", - "udp.port": "53", - "udp.port": "44843", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "53" - }, - "dns": { - "dns.response_to": "1892", - "dns.time": "0.000499000", - "dns.id": "0x0000048b", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - 
"dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:33:23.471684000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508459603.471684000", - "frame.time_delta": "0.000804000", - "frame.time_delta_displayed": "0.000804000", - "frame.time_relative": "1891.066480000", - "frame.number": "1894", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00001f23", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009997", 
- "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "40021", - "udp.dstport": "53", - "udp.port": "40021", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00003f5c", - "udp.checksum.status": "2", - "udp.stream": "54" - }, - "dns": { - "dns.response_in": "1895", - "dns.id": "0x0000048c", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:33:23.472192000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508459603.472192000", - "frame.time_delta": "0.000508000", - "frame.time_delta_displayed": "0.000508000", - "frame.time_relative": "1891.066988000", - "frame.number": "1895", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00002b77", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008d33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "40021", - "udp.port": "53", - "udp.port": "40021", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "54" - }, - "dns": { - "dns.response_to": "1894", - "dns.time": "0.000508000", - "dns.id": "0x0000048c", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", 
- "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "644", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:37:51.689099000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508459871.689099000", - "frame.time_delta": "0.145237000", - "frame.time_delta_displayed": "268.216907000", - "frame.time_relative": "2159.283895000", - "frame.number": "2153", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x000053f4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000064c9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": 
"192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49510", - "udp.dstport": "53", - "udp.port": "49510", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x000097c4", - "udp.checksum.status": "2", - "udp.stream": "60" - }, - "dns": { - "dns.response_in": "2154", - "dns.id": "0x0000048d", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:37:51.695550000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508459871.695550000", - "frame.time_delta": "0.006451000", - "frame.time_delta_displayed": "0.006451000", - "frame.time_relative": "2159.290346000", - "frame.number": "2154", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000851c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000031ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49510", - "udp.port": "53", - "udp.port": "49510", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "60" - }, - "dns": { - "dns.response_to": "2153", - "dns.time": "0.006451000", - "dns.id": "0x0000048d", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - 
"Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "141", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "13111", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.113" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2774", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2774", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2774", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - 
"dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2774", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2774", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2774", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2774", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2774", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2774", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "294", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4838", - "dns.resp.len": "4", - "dns.a": "165.254.134.240" - }, - "n2b.akamaiedge.net: type A, class IN, addr 
165.254.16.89": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7614", - "dns.resp.len": "4", - "dns.a": "165.254.16.89" - }, - "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3676", - "dns.resp.len": "4", - "dns.a": "165.254.16.90" - }, - "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4084", - "dns.resp.len": "4", - "dns.a": "165.254.16.94" - }, - "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4641", - "dns.resp.len": "4", - "dns.a": "165.254.134.244" - }, - "n6b.akamaiedge.net: type A, class IN, addr 165.254.134.246": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "218", - "dns.resp.len": "4", - "dns.a": "165.254.134.246" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2322", - "dns.resp.len": "4", - "dns.a": "165.254.134.232" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4774", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:52:51.705423000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": 
"1508460771.705423000", - "frame.time_delta": "3.937809000", - "frame.time_delta_displayed": "900.009873000", - "frame.time_relative": "3059.300219000", - "frame.number": "2958", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000b28e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000062f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "59344", - "udp.dstport": "53", - "udp.port": "59344", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x00007159", - "udp.checksum.status": "2", - "udp.stream": "72" - }, - "dns": { - "dns.response_in": "2959", - "dns.id": "0x0000048e", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - 
"dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 17:52:51.715857000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508460771.715857000", - "frame.time_delta": "0.010434000", - "frame.time_delta_displayed": "0.010434000", - "frame.time_relative": "3059.310653000", - "frame.number": "2959", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000ca5c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - 
"ip.proto": "17", - "ip.checksum": "0x0000ecab", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "59344", - "udp.port": "53", - "udp.port": "59344", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "72" - }, - "dns": { - "dns.response_to": "2958", - "dns.time": "0.010434000", - "dns.id": "0x0000048e", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "116", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "10613", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" 
- }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.113" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2787", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2787", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2787", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2787", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2787", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2787", - 
"dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2787", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2787", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2787", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1095", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7816", - "dns.resp.len": "4", - "dns.a": "184.51.200.159" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "316", - "dns.resp.len": "4", - "dns.a": "173.197.192.229" - }, - "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "500", - "dns.resp.len": "4", - "dns.a": "165.254.134.241" - }, - "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "5409", - "dns.resp.len": "4", - "dns.a": "165.254.134.244" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1157", - "dns.resp.len": "4", - "dns.a": "204.1.137.33" - }, - "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "954", - "dns.resp.len": "4", - "dns.a": "165.254.16.95" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1018", - "dns.resp.len": "4", - "dns.a": "165.254.134.239" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5792", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:07:51.725149000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508461671.725149000", - "frame.time_delta": "2.951813000", - "frame.time_delta_displayed": "900.009292000", - "frame.time_relative": "3959.319945000", - "frame.number": "3816", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000ba5a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000fe62", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "34709", - "udp.dstport": "53", - "udp.port": "34709", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000d193", - "udp.checksum.status": "2", - "udp.stream": "84" - }, - "dns": { - "dns.response_in": "3817", - "dns.id": "0x0000048f", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - 
"frame.time": "Oct 19, 2017 18:07:51.735281000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508461671.735281000", - "frame.time_delta": "0.010132000", - "frame.time_delta_displayed": "0.010132000", - "frame.time_relative": "3959.330077000", - "frame.number": "3817", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00004a90", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006c78", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "34709", - "udp.port": "53", - "udp.port": "34709", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "84" - }, - "dns": { - "dns.response_to": "3816", - 
"dns.time": "0.010132000", - "dns.id": "0x0000048f", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "142", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "11311", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.113" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": 
"b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "974", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "974", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "974", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "974", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "974", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "974", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "974", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "974", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": 
"b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "974", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2496", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3038", - "dns.resp.len": "4", - "dns.a": "165.254.134.240" - }, - "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5814", - "dns.resp.len": "4", - "dns.a": "165.254.16.89" - }, - "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1876", - "dns.resp.len": "4", - "dns.a": "165.254.16.90" - }, - "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2284", - "dns.resp.len": "4", - "dns.a": "165.254.16.94" - }, - "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2841", - "dns.resp.len": "4", - "dns.a": "165.254.134.244" - }, - "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.93": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2419", - "dns.resp.len": "4", - "dns.a": "165.254.16.93" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": { - "dns.resp.name": 
"n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "522", - "dns.resp.len": "4", - "dns.a": "165.254.134.232" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2974", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:12:56.852097000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508461976.852097000", - "frame.time_delta": "3.045152000", - "frame.time_delta_displayed": "305.116816000", - "frame.time_relative": "4264.446893000", - "frame.number": "5571", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000f879", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c03c", 
- "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "46881", - "udp.dstport": "53", - "udp.port": "46881", - "udp.port": "53", - "udp.length": "49", - "udp.checksum": "0x0000d1bd", - "udp.checksum.status": "2", - "udp.stream": "89" - }, - "dns": { - "dns.response_in": "5572", - "dns.id": "0x00000490", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "diagnostics.meethue.com: type A, class IN": { - "dns.qry.name": "diagnostics.meethue.com", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:12:56.936468000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508461976.936468000", - "frame.time_delta": "0.084371000", - "frame.time_delta_displayed": "0.084371000", - "frame.time_relative": "4264.531264000", - "frame.number": "5572", - "frame.len": "297", - "frame.cap_len": "297", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "283", - "ip.id": "0x00008c6e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002b72", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "46881", - "udp.port": "53", - "udp.port": "46881", - "udp.length": "263", - "udp.checksum": "0x0000830a", - "udp.checksum.status": "2", - "udp.stream": "89" - }, - "dns": { - "dns.response_to": "5571", - "dns.time": "0.084371000", - "dns.id": "0x00000490", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "diagnostics.meethue.com: type A, class IN": { - "dns.qry.name": "diagnostics.meethue.com", - 
"dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": { - "dns.resp.name": "diagnostics.meethue.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "300", - "dns.resp.len": "4", - "dns.a": "130.211.67.12" - } - }, - "Authoritative nameservers": { - "meethue.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "meethue.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3600", - "dns.resp.len": "18", - "dns.ns": "ns2.ext.philips.com" - }, - "meethue.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "meethue.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3600", - "dns.resp.len": "6", - "dns.ns": "ns3.ext.philips.com" - }, - "meethue.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "meethue.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3600", - "dns.resp.len": "6", - "dns.ns": "ns1.ext.philips.com" - } - }, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "172800", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "172800", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "172800", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - 
"dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2611", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "62777", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "62777", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:22:51.746902000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508462571.746902000", - "frame.time_delta": "2.037142000", - "frame.time_delta_displayed": "594.810434000", - "frame.time_relative": "4859.341698000", - "frame.number": "6175", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": 
"0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000f884", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c038", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "54444", - "udp.dstport": "53", - "udp.port": "54444", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000847a", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "dns": { - "dns.response_in": "6176", - "dns.id": "0x00000491", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:22:51.772932000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508462571.772932000", - "frame.time_delta": "0.026030000", - "frame.time_delta_displayed": "0.026030000", - "frame.time_relative": "4859.367728000", - "frame.number": "6176", - "frame.len": "513", 
- "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00004cfa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006a0e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "54444", - "udp.port": "53", - "udp.port": "54444", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "97" - }, - "dns": { - "dns.response_to": "6175", - "dns.time": "0.026030000", - "dns.id": "0x00000491", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - 
"dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "116", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "8813", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.113" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "987", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "987", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "987", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "987", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "987", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "987", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "987", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "987", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "987", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": 
"1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3296", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6016", - "dns.resp.len": "4", - "dns.a": "184.51.200.159" - }, - "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6518", - "dns.resp.len": "4", - "dns.a": "96.17.70.188" - }, - "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2701", - "dns.resp.len": "4", - "dns.a": "96.17.70.190" - }, - "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3609", - "dns.resp.len": "4", - "dns.a": "165.254.134.244" - }, - "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7358", - "dns.resp.len": "4", - "dns.a": "165.254.16.89" - }, - "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3156", - "dns.resp.len": "4", - "dns.a": "184.51.200.166" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5219", - "dns.resp.len": "4", - "dns.a": "165.254.16.92" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "3992", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:33:21.624384000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508463201.624384000", - "frame.time_delta": "0.266457000", - "frame.time_delta_displayed": "629.851452000", - "frame.time_relative": "5489.219180000", - "frame.number": "6744", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000bf31", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f988", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: 
Unknown": "" - }, - "udp": { - "udp.srcport": "37292", - "udp.dstport": "53", - "udp.port": "37292", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00002eff", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "dns": { - "dns.response_in": "6745", - "dns.id": "0x00000492", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:33:21.626468000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508463201.626468000", - "frame.time_delta": "0.002084000", - "frame.time_delta_displayed": "0.002084000", - "frame.time_relative": "5489.221264000", - "frame.number": "6745", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x00003f71", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000790f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "37292", - "udp.port": "53", - "udp.port": "37292", - "udp.length": "103", - "udp.checksum": "0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "102" - }, - "dns": { - "dns.response_to": "6744", - "dns.time": "0.002084000", - "dns.id": "0x00000492", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3220", - 
"dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": "ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": "300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:33:21.627301000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508463201.627301000", - "frame.time_delta": "0.000833000", - "frame.time_delta_displayed": "0.000833000", - "frame.time_relative": "5489.222097000", - "frame.number": "6746", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000bf32", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f987", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "54874", - "udp.dstport": "53", - "udp.port": "54874", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00000550", - "udp.checksum.status": "2", - "udp.stream": "103" - }, - "dns": { - "dns.response_in": "6747", - "dns.id": "0x00000493", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:33:21.628812000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508463201.628812000", - "frame.time_delta": "0.001511000", - "frame.time_delta_displayed": "0.001511000", - "frame.time_relative": "5489.223608000", - "frame.number": "6747", - "frame.len": "285", - "frame.cap_len": "285", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - 
"eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "271", - "ip.id": "0x00003f72", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000787a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "54874", - "udp.port": "53", - "udp.port": "54874", - "udp.length": "251", - "udp.checksum": "0x000082fe", - "udp.checksum.status": "2", - "udp.stream": "103" - }, - "dns": { - "dns.response_to": "6746", - "dns.time": "0.001511000", - "dns.id": "0x00000493", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type 
A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2985", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "413", - "dns.resp.len": "10", - "dns.ns": "ns1.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "413", - "dns.resp.len": "6", - "dns.ns": "ns2.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "413", - "dns.resp.len": "6", - "dns.ns": "ns3.ext.philips.com" - } - }, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "171575", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "171575", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "171575", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1386", - "dns.resp.len": "16", - 
"dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "61552", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "61552", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:33:22.044352000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508463202.044352000", - "frame.time_delta": "0.001668000", - "frame.time_delta_displayed": "0.415540000", - "frame.time_relative": "5489.639148000", - "frame.number": "6763", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000bf41", - "ip.flags": 
"0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f978", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "55176", - "udp.dstport": "53", - "udp.port": "55176", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000e920", - "udp.checksum.status": "2", - "udp.stream": "104" - }, - "dns": { - "dns.response_in": "6764", - "dns.id": "0x00000494", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:33:22.044953000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508463202.044953000", - "frame.time_delta": "0.000601000", - "frame.time_delta_displayed": "0.000601000", - "frame.time_relative": "5489.639749000", - "frame.number": "6764", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - 
"frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00003f96", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007924", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "55176", - "udp.port": "53", - "udp.port": "55176", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "104" - }, - "dns": { - "dns.response_to": "6763", - "dns.time": "0.000601000", - "dns.id": "0x00000494", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - 
"dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:33:22.045769000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508463202.045769000", - "frame.time_delta": "0.000816000", - "frame.time_delta_displayed": "0.000816000", - "frame.time_relative": "5489.640565000", - "frame.number": "6765", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000bf42", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f977", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60660", - "udp.dstport": "53", - "udp.port": "60660", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000eeb3", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "dns": { - "dns.response_in": "6766", - "dns.id": "0x00000495", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:33:22.046379000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508463202.046379000", - "frame.time_delta": "0.000610000", - "frame.time_delta_displayed": "0.000610000", - "frame.time_relative": "5489.641175000", - "frame.number": "6766", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - 
"eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00003f97", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007913", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "60660", - "udp.port": "53", - "udp.port": "60660", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "105" - }, - "dns": { - "dns.response_to": "6765", - "dns.time": "0.000610000", - "dns.id": "0x00000495", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, 
class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2984", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:37:51.778249000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508463471.778249000", - "frame.time_delta": "3.324074000", - "frame.time_delta_displayed": "269.731870000", - "frame.time_relative": "5759.373045000", - "frame.number": "7048", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00001dd7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009ae6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - 
"ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "36809", - "udp.dstport": "53", - "udp.port": "36809", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000c958", - "udp.checksum.status": "2", - "udp.stream": "113" - }, - "dns": { - "dns.response_in": "7049", - "dns.id": "0x00000496", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:37:51.799436000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508463471.799436000", - "frame.time_delta": "0.021187000", - "frame.time_delta_displayed": "0.021187000", - "frame.time_relative": "5759.394232000", - "frame.number": "7049", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000431d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000073eb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "36809", - "udp.port": "53", - "udp.port": "36809", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "113" - }, - "dns": { - "dns.response_to": "7048", - "dns.time": "0.021187000", - "dns.id": "0x00000496", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - 
"dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "116", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7913", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.113" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "87", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "87", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "87", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "87", - 
"dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "87", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "87", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "87", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "87", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "87", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2396", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5116", - "dns.resp.len": "4", - "dns.a": "184.51.200.159" - }, - "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": 
"5618", - "dns.resp.len": "4", - "dns.a": "96.17.70.188" - }, - "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1801", - "dns.resp.len": "4", - "dns.a": "96.17.70.190" - }, - "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2709", - "dns.resp.len": "4", - "dns.a": "165.254.134.244" - }, - "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6458", - "dns.resp.len": "4", - "dns.a": "165.254.16.89" - }, - "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2256", - "dns.resp.len": "4", - "dns.a": "184.51.200.166" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4319", - "dns.resp.len": "4", - "dns.a": "165.254.16.92" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3092", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:52:51.807701000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508464371.807701000", - "frame.time_delta": "0.379478000", - "frame.time_delta_displayed": "900.008265000", - "frame.time_relative": "6659.402497000", - 
"frame.number": "7913", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00009e02", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001abb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "47598", - "udp.dstport": "53", - "udp.port": "47598", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x00009f32", - "udp.checksum.status": "2", - "udp.stream": "123" - }, - "dns": { - "dns.response_in": "7914", - "dns.id": "0x00000497", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": 
"1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 18:52:51.814443000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508464371.814443000", - "frame.time_delta": "0.006742000", - "frame.time_delta_displayed": "0.006742000", - "frame.time_relative": "6659.409239000", - "frame.number": "7914", - "frame.len": "467", - "frame.cap_len": "467", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "453", - "ip.id": "0x0000e205", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d530", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - 
"ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "47598", - "udp.port": "53", - "udp.port": "47598", - "udp.length": "433", - "udp.checksum": "0x000083b4", - "udp.checksum.status": "2", - "udp.stream": "123" - }, - "dns": { - "dns.response_to": "7913", - "dns.time": "0.006742000", - "dns.id": "0x00000497", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "8", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "142", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "8611", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.113" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "275", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "275", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "275", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "275", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "275", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "275", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - 
"dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "275", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "275", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3797", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "338", - "dns.resp.len": "4", - "dns.a": "165.254.134.240" - }, - "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3114", - "dns.resp.len": "4", - "dns.a": "165.254.16.89" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3177", - "dns.resp.len": "4", - "dns.a": "173.197.192.229" - }, - "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5586", - "dns.resp.len": "4", - "dns.a": "173.197.192.230" - }, - "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "141", - "dns.resp.len": "4", - "dns.a": "165.254.134.244" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": { - "dns.resp.name": 
"n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3720", - "dns.resp.len": "4", - "dns.a": "173.197.192.234" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3824", - "dns.resp.len": "4", - "dns.a": "165.254.16.92" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:07:51.823654000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508465271.823654000", - "frame.time_delta": "3.748666000", - "frame.time_delta_displayed": "900.009211000", - "frame.time_relative": "7559.418450000", - "frame.number": "8671", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000e910", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000cfac", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "33804", - "udp.dstport": "53", - "udp.port": "33804", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000d513", - "udp.checksum.status": "2", - "udp.stream": "132" - }, - "dns": { - "dns.response_in": "8672", - "dns.id": "0x00000498", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:07:51.884431000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508465271.884431000", - "frame.time_delta": "0.060777000", - "frame.time_delta_displayed": "0.060777000", - "frame.time_relative": "7559.479227000", - "frame.number": "8672", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - 
"eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00004cdb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006a2d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "33804", - "udp.port": "53", - "udp.port": "33804", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "132" - }, - "dns": { - "dns.response_to": "8671", - "dns.time": "0.060777000", - "dns.id": "0x00000498", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": 
"3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "116", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6113", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.73" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.2" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2288", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2288", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2288", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - 
"b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2288", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2288", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2288", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2288", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2288", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2288", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "596", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3316", - "dns.resp.len": "4", - "dns.a": 
"184.51.200.159" - }, - "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3818", - "dns.resp.len": "4", - "dns.a": "96.17.70.188" - }, - "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1", - "dns.resp.len": "4", - "dns.a": "96.17.70.190" - }, - "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "909", - "dns.resp.len": "4", - "dns.a": "165.254.134.244" - }, - "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4658", - "dns.resp.len": "4", - "dns.a": "165.254.16.89" - }, - "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "456", - "dns.resp.len": "4", - "dns.a": "184.51.200.166" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2519", - "dns.resp.len": "4", - "dns.a": "165.254.16.92" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1292", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:22:51.895282000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1508466171.895282000", - "frame.time_delta": "7.109343000", - "frame.time_delta_displayed": "900.010851000", - "frame.time_relative": "8459.490078000", - "frame.number": "9475", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000ffbc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b900", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "33283", - "udp.dstport": "53", - "udp.port": "33283", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000d71b", - "udp.checksum.status": "2", - "udp.stream": "144" - }, - "dns": { - "dns.response_in": "9476", - "dns.id": "0x00000499", - "dns.flags": "0x00000100", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:22:51.906565000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508466171.906565000", - "frame.time_delta": "0.011283000", - "frame.time_delta_displayed": "0.011283000", - "frame.time_relative": "8459.501361000", - "frame.number": "9476", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000a915", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000df3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "33283", - "udp.port": "53", - "udp.port": "33283", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "144" - }, - "dns": { - "dns.response_to": "9475", - "dns.time": "0.011283000", - "dns.id": "0x00000499", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "142", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6811", - "dns.resp.len": "22", - "dns.cname": 
"e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2475", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2475", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2475", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2475", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2475", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "2475", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2475", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2475", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2475", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1997", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6539", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1314", - "dns.resp.len": "4", - "dns.a": "165.254.16.89" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1377", - "dns.resp.len": "4", - "dns.a": "173.197.192.229" - }, - "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "3786", - "dns.resp.len": "4", - "dns.a": "173.197.192.230" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6342", - "dns.resp.len": "4", - "dns.a": "204.1.137.37" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1920", - "dns.resp.len": "4", - "dns.a": "173.197.192.234" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2024", - "dns.resp.len": "4", - "dns.a": "165.254.16.92" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4475", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:33:22.239450000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508466802.239450000", - "frame.time_delta": "4.788057000", - "frame.time_delta_displayed": "630.332885000", - "frame.time_relative": "9089.834246000", - "frame.number": "10050", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": 
"0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000751c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000439e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51418", - "udp.dstport": "53", - "udp.port": "51418", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000f7c8", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "dns": { - "dns.response_in": "10051", - "dns.id": "0x0000049a", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:33:22.241425000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508466802.241425000", - "frame.time_delta": "0.001975000", - "frame.time_delta_displayed": "0.001975000", - "frame.time_relative": "9089.836221000", - "frame.number": "10051", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x000030bf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000087c1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "51418", - "udp.port": "53", - "udp.port": "51418", - "udp.length": "103", - "udp.checksum": "0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "151" - }, - "dns": { - 
"dns.response_to": "10050", - "dns.time": "0.001975000", - "dns.id": "0x0000049a", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": "ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": "300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:33:22.242432000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508466802.242432000", - "frame.time_delta": "0.001007000", - "frame.time_delta_displayed": "0.001007000", - "frame.time_relative": "9089.837228000", - "frame.number": "10052", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000751d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000439d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60729", - "udp.dstport": "53", - "udp.port": "60729", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000ee68", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "dns": { - "dns.response_in": "10053", - "dns.id": "0x0000049b", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - 
"dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:33:22.244090000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508466802.244090000", - "frame.time_delta": "0.001658000", - "frame.time_delta_displayed": "0.001658000", - "frame.time_relative": "9089.838886000", - "frame.number": "10053", - "frame.len": "285", - "frame.cap_len": "285", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "271", - "ip.id": "0x000030c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000872c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - 
"udp.dstport": "60729", - "udp.port": "53", - "udp.port": "60729", - "udp.length": "251", - "udp.checksum": "0x000082fe", - "udp.checksum.status": "2", - "udp.stream": "152" - }, - "dns": { - "dns.response_to": "10052", - "dns.time": "0.001658000", - "dns.id": "0x0000049b", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "10", - "dns.ns": "ns1.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "6", - "dns.ns": "ns3.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "6", - "dns.ns": "ns2.ext.philips.com" - } - 
}, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "147808", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "172526", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "172526", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "151427", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "144000", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "144000", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:33:22.660387000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508466802.660387000", - "frame.time_delta": "0.001051000", - "frame.time_delta_displayed": 
"0.416297000", - "frame.time_relative": "9090.255183000", - "frame.number": "10069", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00007547", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004373", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "46220", - "udp.dstport": "53", - "udp.port": "46220", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00000c15", - "udp.checksum.status": "2", - "udp.stream": "153" - }, - "dns": { - "dns.response_in": "10070", - "dns.id": "0x0000049c", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": 
"0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:33:22.660954000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508466802.660954000", - "frame.time_delta": "0.000567000", - "frame.time_delta_displayed": "0.000567000", - "frame.time_relative": "9090.255750000", - "frame.number": "10070", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000030d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000087e4", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "46220", - "udp.port": "53", - "udp.port": "46220", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "153" - }, - "dns": { - "dns.response_to": "10069", - "dns.time": "0.000567000", - "dns.id": "0x0000049c", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:33:22.661749000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508466802.661749000", - "frame.time_delta": "0.000795000", - "frame.time_delta_displayed": "0.000795000", - "frame.time_relative": "9090.256545000", - "frame.number": "10071", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00007548", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004372", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51255", - "udp.dstport": "53", - "udp.port": "51255", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00001369", - "udp.checksum.status": "2", - "udp.stream": "154" - }, - "dns": { - "dns.response_in": "10072", - "dns.id": "0x0000049d", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - 
"dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:33:22.662301000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508466802.662301000", - "frame.time_delta": "0.000552000", - "frame.time_delta_displayed": "0.000552000", - "frame.time_relative": "9090.257097000", - "frame.number": "10072", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x000030d7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000087d3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": 
"51255", - "udp.port": "53", - "udp.port": "51255", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "154" - }, - "dns": { - "dns.response_to": "10071", - "dns.time": "0.000552000", - "dns.id": "0x0000049d", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:37:51.914199000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508467071.914199000", - "frame.time_delta": "0.065381000", - "frame.time_delta_displayed": "269.251898000", - "frame.time_relative": "9359.508995000", - "frame.number": "10287", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - 
"eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x000089fd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002ec0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "41837", - "udp.dstport": "53", - "udp.port": "41837", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000b5ac", - "udp.checksum.status": "2", - "udp.stream": "155" - }, - "dns": { - "dns.response_in": "10288", - "dns.id": "0x0000049e", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": 
"packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:37:51.978100000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508467071.978100000", - "frame.time_delta": "0.063901000", - "frame.time_delta_displayed": "0.063901000", - "frame.time_relative": "9359.572896000", - "frame.number": "10288", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00008e7d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000288b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "41837", - "udp.port": "53", - "udp.port": "41837", - "udp.length": 
"479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "155" - }, - "dns": { - "dns.response_to": "10287", - "dns.time": "0.063901000", - "dns.id": "0x0000049e", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "117", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4313", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": 
"173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "488", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "488", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "488", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "488", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "488", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "488", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "488", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "488", - 
"dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "488", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2799", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1516", - "dns.resp.len": "4", - "dns.a": "184.51.200.159" - }, - "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2018", - "dns.resp.len": "4", - "dns.a": "96.17.70.188" - }, - "n3b.akamaiedge.net: type A, class IN, addr 204.1.137.33": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2202", - "dns.resp.len": "4", - "dns.a": "204.1.137.33" - }, - "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5110", - "dns.resp.len": "4", - "dns.a": "173.197.192.230" - }, - "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2858", - "dns.resp.len": "4", - "dns.a": "165.254.16.89" - }, - "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2660", - 
"dns.resp.len": "4", - "dns.a": "96.17.70.188" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "719", - "dns.resp.len": "4", - "dns.a": "165.254.16.92" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5496", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:52:51.985173000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508467971.985173000", - "frame.time_delta": "0.373714000", - "frame.time_delta_displayed": "900.007073000", - "frame.time_relative": "10259.579969000", - "frame.number": "11065", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000b24b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000672", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "33682", - "udp.dstport": "53", - "udp.port": "33682", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000d586", - "udp.checksum.status": "2", - "udp.stream": "163" - }, - "dns": { - "dns.response_in": "11066", - "dns.id": "0x0000049f", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 19:52:52.048951000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508467972.048951000", - "frame.time_delta": "0.063778000", - "frame.time_delta_displayed": "0.063778000", - "frame.time_relative": "10259.643747000", - "frame.number": "11066", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - 
"eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00008dbf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002949", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "33682", - "udp.port": "53", - "udp.port": "33682", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "163" - }, - "dns": { - "dns.response_to": "11065", - "dns.time": "0.063778000", - "dns.id": "0x0000049f", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - 
"Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "117", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3413", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.73" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.2" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3589", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3589", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - 
"dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3589", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3589", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3589", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3589", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3589", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3589", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3589", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1898", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { - 
"dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "615", - "dns.resp.len": "4", - "dns.a": "184.51.200.159" - }, - "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1117", - "dns.resp.len": "4", - "dns.a": "96.17.70.188" - }, - "n3b.akamaiedge.net: type A, class IN, addr 204.1.137.33": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1301", - "dns.resp.len": "4", - "dns.a": "204.1.137.33" - }, - "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4209", - "dns.resp.len": "4", - "dns.a": "173.197.192.230" - }, - "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1957", - "dns.resp.len": "4", - "dns.a": "165.254.16.89" - }, - "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1759", - "dns.resp.len": "4", - "dns.a": "96.17.70.188" - }, - "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5819", - "dns.resp.len": "4", - "dns.a": "173.197.192.237" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4595", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - 
"_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:07:52.060309000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508468872.060309000", - "frame.time_delta": "0.486449000", - "frame.time_delta_displayed": "900.011358000", - "frame.time_relative": "11159.655105000", - "frame.number": "11855", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000fdee", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bace", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49312", - "udp.dstport": "53", - "udp.port": "49312", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x00009877", - 
"udp.checksum.status": "2", - "udp.stream": "171" - }, - "dns": { - "dns.response_in": "11856", - "dns.id": "0x000004a0", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:07:52.067203000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508468872.067203000", - "frame.time_delta": "0.006894000", - "frame.time_delta_displayed": "0.006894000", - "frame.time_relative": "11159.661999000", - "frame.number": "11856", - "frame.len": "467", - "frame.cap_len": "467", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - 
"ip.len": "453", - "ip.id": "0x0000b190", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000005a6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49312", - "udp.port": "53", - "udp.port": "49312", - "udp.length": "433", - "udp.checksum": "0x000083b4", - "udp.checksum.status": "2", - "udp.stream": "171" - }, - "dns": { - "dns.response_to": "11855", - "dns.time": "0.006894000", - "dns.id": "0x000004a0", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "8", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "141", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - 
"dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4110", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "774", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "774", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "774", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "774", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "774", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, 
- "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "774", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "774", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "774", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3298", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3838", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6614", - "dns.resp.len": "4", - "dns.a": "173.197.192.233" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2677", - "dns.resp.len": "4", - "dns.a": "173.197.192.229" - }, - "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1085", - "dns.resp.len": "4", - "dns.a": 
"173.197.192.230" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3641", - "dns.resp.len": "4", - "dns.a": "204.1.137.37" - }, - "n6b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3220", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5325", - "dns.resp.len": "4", - "dns.a": "204.1.137.37" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:22:52.076126000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508469772.076126000", - "frame.time_delta": "0.590869000", - "frame.time_delta_displayed": "900.008923000", - "frame.time_relative": "12059.670922000", - "frame.number": "12657", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000a2db", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000015e2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53703", - "udp.dstport": "53", - "udp.port": "53703", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000874f", - "udp.checksum.status": "2", - "udp.stream": "177" - }, - "dns": { - "dns.response_in": "12658", - "dns.id": "0x000004a1", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:22:52.112051000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508469772.112051000", - "frame.time_delta": "0.035925000", - "frame.time_delta_displayed": "0.035925000", - "frame.time_relative": "12059.706847000", - "frame.number": "12658", - "frame.len": "513", - 
"frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000ccc6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ea41", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "53703", - "udp.port": "53", - "udp.port": "53703", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "177" - }, - "dns": { - "dns.response_to": "12657", - "dns.time": "0.035925000", - "dns.id": "0x000004a1", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - 
"dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "116", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1612", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.2" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.73" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1789", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "1789", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1789", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1789", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1789", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1789", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1789", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1789", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1789", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - 
"dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "98", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6816", - "dns.resp.len": "4", - "dns.a": "198.172.88.208" - }, - "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7318", - "dns.resp.len": "4", - "dns.a": "198.172.88.208" - }, - "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3503", - "dns.resp.len": "4", - "dns.a": "198.172.88.200" - }, - "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2409", - "dns.resp.len": "4", - "dns.a": "173.197.192.230" - }, - "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "157", - "dns.resp.len": "4", - "dns.a": "165.254.16.89" - }, - "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3960", - "dns.resp.len": "4", - "dns.a": "198.172.88.205" - }, - "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4019", - "dns.resp.len": "4", - "dns.a": "173.197.192.237" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "2795", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:33:22.842206000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508470402.842206000", - "frame.time_delta": "0.384116000", - "frame.time_delta_displayed": "630.730155000", - "frame.time_relative": "12690.437002000", - "frame.number": "13303", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000dd6f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000db4a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "44754", - "udp.dstport": "53", - "udp.port": "44754", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x000011c9", - "udp.checksum.status": "2", - "udp.stream": "184" - }, - "dns": { - "dns.response_in": "13304", - "dns.id": "0x000004a2", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:33:22.844183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508470402.844183000", - "frame.time_delta": "0.001977000", - "frame.time_delta_displayed": "0.001977000", - "frame.time_relative": "12690.438979000", - "frame.number": "13304", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" 
- }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x00000246", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b63a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "44754", - "udp.port": "53", - "udp.port": "44754", - "udp.length": "103", - "udp.checksum": "0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "184" - }, - "dns": { - "dns.response_to": "13303", - "dns.time": "0.001977000", - "dns.id": "0x000004a2", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "3219", - "dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": "ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": "300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:33:22.846468000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508470402.846468000", - "frame.time_delta": "0.002285000", - "frame.time_delta_displayed": "0.002285000", - "frame.time_relative": "12690.441264000", - "frame.number": "13305", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000dd70", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000db49", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "35982", - "udp.dstport": "53", - "udp.port": "35982", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00004f0c", - "udp.checksum.status": "2", - "udp.stream": "185" - }, - "dns": { - "dns.response_in": "13306", - "dns.id": "0x000004a3", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:33:22.848081000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508470402.848081000", - "frame.time_delta": "0.001613000", - "frame.time_delta_displayed": "0.001613000", - "frame.time_relative": "12690.442877000", - "frame.number": "13306", - "frame.len": "285", - "frame.cap_len": "285", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": 
"b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "271", - "ip.id": "0x00000247", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b5a5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "35982", - "udp.port": "53", - "udp.port": "35982", - "udp.length": "251", - "udp.checksum": "0x000082fe", - "udp.checksum.status": "2", - "udp.stream": "185" - }, - "dns": { - "dns.response_to": "13305", - "dns.time": "0.001613000", - "dns.id": "0x000004a3", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - 
"dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3161", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "645", - "dns.resp.len": "10", - "dns.ns": "ns3.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "645", - "dns.resp.len": "6", - "dns.ns": "ns2.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "645", - "dns.resp.len": "6", - "dns.ns": "ns1.ext.philips.com" - } - }, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "856", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "164374", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "164374", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2117", - 
"dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "54351", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "54351", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:33:23.264573000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508470403.264573000", - "frame.time_delta": "0.001337000", - "frame.time_delta_displayed": "0.416492000", - "frame.time_relative": "12690.859369000", - "frame.number": "13322", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000dd71", 
- "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000db48", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56095", - "udp.dstport": "53", - "udp.port": "56095", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000e579", - "udp.checksum.status": "2", - "udp.stream": "186" - }, - "dns": { - "dns.response_in": "13323", - "dns.id": "0x000004a4", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:33:23.265148000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508470403.265148000", - "frame.time_delta": "0.000575000", - "frame.time_delta_displayed": "0.000575000", - "frame.time_relative": "12690.859944000", - "frame.number": "13323", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", 
- "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000026e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b64c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "56095", - "udp.port": "53", - "udp.port": "56095", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "186" - }, - "dns": { - "dns.response_to": "13322", - "dns.time": "0.000575000", - "dns.id": "0x000004a4", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - 
"dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:33:23.266041000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508470403.266041000", - "frame.time_delta": "0.000893000", - "frame.time_delta_displayed": "0.000893000", - "frame.time_relative": "12690.860837000", - "frame.number": "13324", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000dd72", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000db47", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "41786", - "udp.dstport": "53", - "udp.port": "41786", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000385e", - "udp.checksum.status": "2", - "udp.stream": "187" - }, - "dns": { - "dns.response_in": "13325", - "dns.id": "0x000004a5", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:33:23.266579000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508470403.266579000", - "frame.time_delta": "0.000538000", - "frame.time_delta_displayed": "0.000538000", - "frame.time_relative": "12690.861375000", - "frame.number": "13325", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - 
"eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x0000026f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b63b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "41786", - "udp.port": "53", - "udp.port": "41786", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "187" - }, - "dns": { - "dns.response_to": "13324", - "dns.time": "0.000538000", - "dns.id": "0x000004a5", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type 
A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3160", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:37:52.120059000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508470672.120059000", - "frame.time_delta": "0.625668000", - "frame.time_delta_displayed": "268.853480000", - "frame.time_relative": "12959.714855000", - "frame.number": "13582", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00002649", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009274", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - 
"ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "54738", - "udp.dstport": "53", - "udp.port": "54738", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000833f", - "udp.checksum.status": "2", - "udp.stream": "188" - }, - "dns": { - "dns.response_in": "13583", - "dns.id": "0x000004a6", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:37:52.140960000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508470672.140960000", - "frame.time_delta": "0.020901000", - "frame.time_delta_displayed": "0.020901000", - "frame.time_relative": "12959.735756000", - "frame.number": "13583", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00004310", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000073f8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "54738", - "udp.port": "53", - "udp.port": "54738", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "188" - }, - "dns": { - "dns.response_to": "13582", - "dns.time": "0.020901000", - "dns.id": "0x000004a6", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - 
"dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "116", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "712", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "889", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "889", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "889", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": 
"889", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "889", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "889", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "889", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "889", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "889", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3199", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5916", - "dns.resp.len": "4", - "dns.a": "198.172.88.208" - }, - "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "6418", - "dns.resp.len": "4", - "dns.a": "198.172.88.208" - }, - "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2603", - "dns.resp.len": "4", - "dns.a": "198.172.88.200" - }, - "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1509", - "dns.resp.len": "4", - "dns.a": "173.197.192.230" - }, - "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7258", - "dns.resp.len": "4", - "dns.a": "198.172.88.206" - }, - "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3060", - "dns.resp.len": "4", - "dns.a": "198.172.88.205" - }, - "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3119", - "dns.resp.len": "4", - "dns.a": "173.197.192.237" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1895", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:52:52.147811000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508471572.147811000", - "frame.time_delta": "0.719415000", - "frame.time_delta_displayed": "900.006851000", - "frame.time_relative": 
"13859.742607000", - "frame.number": "14361", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000e5bd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d2ff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "55123", - "udp.dstport": "53", - "udp.port": "55123", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x000081bd", - "udp.checksum.status": "2", - "udp.stream": "197" - }, - "dns": { - "dns.response_in": "14362", - "dns.id": "0x000004a7", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, 
- "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 20:52:52.212985000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508471572.212985000", - "frame.time_delta": "0.065174000", - "frame.time_delta_displayed": "0.065174000", - "frame.time_relative": "13859.807781000", - "frame.number": "14362", - "frame.len": "467", - "frame.cap_len": "467", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "453", - "ip.id": "0x00004fa4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006792", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": 
"192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "55123", - "udp.port": "53", - "udp.port": "55123", - "udp.length": "433", - "udp.checksum": "0x000083b4", - "udp.checksum.status": "2", - "udp.stream": "197" - }, - "dns": { - "dns.response_to": "14361", - "dns.time": "0.065174000", - "dns.id": "0x000004a7", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "8", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "117", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "21417", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "989", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "989", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "989", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "989", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "989", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "989", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": 
"b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "989", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "989", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2299", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5016", - "dns.resp.len": "4", - "dns.a": "198.172.88.208" - }, - "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5518", - "dns.resp.len": "4", - "dns.a": "198.172.88.208" - }, - "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1703", - "dns.resp.len": "4", - "dns.a": "198.172.88.200" - }, - "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "609", - "dns.resp.len": "4", - "dns.a": "173.197.192.230" - }, - "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6358", - "dns.resp.len": "4", - "dns.a": "198.172.88.206" - }, - "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { - 
"dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2160", - "dns.resp.len": "4", - "dns.a": "198.172.88.205" - }, - "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2219", - "dns.resp.len": "4", - "dns.a": "173.197.192.237" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 21:07:52.219360000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508472472.219360000", - "frame.time_delta": "0.606095000", - "frame.time_delta_displayed": "900.006375000", - "frame.time_relative": "14759.814156000", - "frame.number": "15111", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000c5af", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x0000f30d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "44889", - "udp.dstport": "53", - "udp.port": "44889", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000a9b6", - "udp.checksum.status": "2", - "udp.stream": "205" - }, - "dns": { - "dns.response_in": "15112", - "dns.id": "0x000004a8", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 21:07:52.306389000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508472472.306389000", - "frame.time_delta": "0.087029000", - "frame.time_delta_displayed": "0.087029000", - "frame.time_relative": "14759.901185000", - "frame.number": "15112", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000a365", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000013a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "44889", - "udp.port": "53", - "udp.port": "44889", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "205" - }, - "dns": { - "dns.response_to": "15111", - "dns.time": "0.087029000", - "dns.id": "0x000004a8", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - 
"dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "300", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "510", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1174", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1174", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1174", - "dns.resp.len": "6", - "dns.ns": 
"n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1174", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1174", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1174", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1174", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1174", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1174", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3699", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "238", - 
"dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3014", - "dns.resp.len": "4", - "dns.a": "173.197.192.233" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3078", - "dns.resp.len": "4", - "dns.a": "173.197.192.229" - }, - "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3486", - "dns.resp.len": "4", - "dns.a": "198.172.88.203" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "41", - "dns.resp.len": "4", - "dns.a": "204.1.137.37" - }, - "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3621", - "dns.resp.len": "4", - "dns.a": "165.254.16.95" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1725", - "dns.resp.len": "4", - "dns.a": "204.1.137.37" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4177", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 
21:22:52.395472000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508473372.395472000", - "frame.time_delta": "3.711619000", - "frame.time_delta_displayed": "900.089083000", - "frame.time_relative": "15659.990268000", - "frame.number": "15884", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x000043a6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007517", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53892", - "udp.dstport": "53", - "udp.port": "53892", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000868a", - "udp.checksum.status": "2", - "udp.stream": "212" - }, - "dns": { - "dns.response_in": "15885", - "dns.id": "0x000004a9", - 
"dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 21:22:52.423942000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508473372.423942000", - "frame.time_delta": "0.028470000", - "frame.time_delta_displayed": "0.028470000", - "frame.time_relative": "15660.018738000", - "frame.number": "15885", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000f1a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": 
"1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c566", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "53892", - "udp.port": "53", - "udp.port": "53892", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "212" - }, - "dns": { - "dns.response_to": "15884", - "dns.time": "0.028470000", - "dns.id": "0x000004a9", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "142", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "21258", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.2" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.73" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "274", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "274", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "274", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "274", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "274", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - 
"dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "274", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "274", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "274", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "274", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2799", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7339", - "dns.resp.len": "4", - "dns.a": "198.172.88.208" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2114", - "dns.resp.len": "4", - "dns.a": "173.197.192.233" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2178", - "dns.resp.len": "4", - "dns.a": "173.197.192.229" - }, - "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { - "dns.resp.name": 
"n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2586", - "dns.resp.len": "4", - "dns.a": "198.172.88.203" - }, - "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7142", - "dns.resp.len": "4", - "dns.a": "198.172.88.203" - }, - "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2721", - "dns.resp.len": "4", - "dns.a": "165.254.16.95" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "825", - "dns.resp.len": "4", - "dns.a": "204.1.137.37" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3277", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 21:33:23.396307000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508474003.396307000", - "frame.time_delta": "4.678140000", - "frame.time_delta_displayed": "630.972365000", - "frame.time_relative": "16290.991103000", - "frame.number": "16442", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000096a0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000221a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "37663", - "udp.dstport": "53", - "udp.port": "37663", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00002d74", - "udp.checksum.status": "2", - "udp.stream": "215" - }, - "dns": { - "dns.response_in": "16443", - "dns.id": "0x000004aa", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": 
"pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 21:33:23.398249000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508474003.398249000", - "frame.time_delta": "0.001942000", - "frame.time_delta_displayed": "0.001942000", - "frame.time_relative": "16290.993045000", - "frame.number": "16443", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x00008616", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000326a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "37663", - "udp.port": "53", - "udp.port": "37663", - "udp.length": "103", - "udp.checksum": 
"0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "215" - }, - "dns": { - "dns.response_to": "16442", - "dns.time": "0.001942000", - "dns.id": "0x000004aa", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": "ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": "300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 21:33:23.399079000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508474003.399079000", - "frame.time_delta": "0.000830000", - "frame.time_delta_displayed": "0.000830000", - "frame.time_relative": "16290.993875000", - "frame.number": "16444", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - 
"frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000096a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002219", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "33353", - "udp.dstport": "53", - "udp.port": "33353", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00005949", - "udp.checksum.status": "2", - "udp.stream": "216" - }, - "dns": { - "dns.response_in": "16445", - "dns.id": "0x000004ab", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": 
"dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 21:33:23.400649000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508474003.400649000", - "frame.time_delta": "0.001570000", - "frame.time_delta_displayed": "0.001570000", - "frame.time_relative": "16290.995445000", - "frame.number": "16445", - "frame.len": "285", - "frame.cap_len": "285", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "271", - "ip.id": "0x00008617", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000031d5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "33353", - "udp.port": "53", - "udp.port": "33353", - "udp.length": "251", - "udp.checksum": "0x000082fe", - "udp.checksum.status": "2", - "udp.stream": "216" - }, - "dns": { - "dns.response_to": "16444", - "dns.time": "0.001570000", - "dns.id": "0x000004ab", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "10", - "dns.ns": "ns3.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "6", - "dns.ns": "ns1.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "6", - "dns.ns": "ns2.ext.philips.com" - } - }, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "140607", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "165325", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "165325", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "144226", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "136799", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "136799", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 21:33:23.818793000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1508474003.818793000", - "frame.time_delta": "0.002460000", - "frame.time_delta_displayed": "0.418144000", - "frame.time_relative": "16291.413589000", - "frame.number": "16461", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000096bd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000021fd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52555", - "udp.dstport": "53", - "udp.port": "52555", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000f345", - "udp.checksum.status": "2", - "udp.stream": "217" - }, - "dns": { - "dns.response_in": "16462", - "dns.id": "0x000004ac", - "dns.flags": "0x00000100", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 21:33:23.819379000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508474003.819379000", - "frame.time_delta": "0.000586000", - "frame.time_delta_displayed": "0.000586000", - "frame.time_relative": "16291.414175000", - "frame.number": "16462", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000861c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000329e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "52555", - "udp.port": "53", - "udp.port": "52555", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "217" - }, - "dns": { - "dns.response_to": "16461", - "dns.time": "0.000586000", - "dns.id": "0x000004ac", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 21:33:23.820220000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508474003.820220000", - "frame.time_delta": "0.000841000", - "frame.time_delta_displayed": "0.000841000", - "frame.time_relative": "16291.415016000", - "frame.number": "16463", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - 
"frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000096be", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000021fc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58656", - "udp.dstport": "53", - "udp.port": "58656", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000f66f", - "udp.checksum.status": "2", - "udp.stream": "218" - }, - "dns": { - "dns.response_in": "16464", - "dns.id": "0x000004ad", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - 
"dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 21:33:23.820779000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508474003.820779000", - "frame.time_delta": "0.000559000", - "frame.time_delta_displayed": "0.000559000", - "frame.time_relative": "16291.415575000", - "frame.number": "16464", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x0000861d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000328d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": 
"192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "58656", - "udp.port": "53", - "udp.port": "58656", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "218" - }, - "dns": { - "dns.response_to": "16463", - "dns.time": "0.000559000", - "dns.id": "0x000004ad", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 21:37:52.430247000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508474272.430247000", - "frame.time_delta": "3.692969000", - "frame.time_delta_displayed": "268.609468000", - "frame.time_relative": "16560.025043000", - "frame.number": "16697", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - 
"frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000e609", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d2b3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "47128", - "udp.dstport": "53", - "udp.port": "47128", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000a0f1", - "udp.checksum.status": "2", - "udp.stream": "221" - }, - "dns": { - "dns.response_in": "16698", - "dns.id": "0x000004ae", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": 
"www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 21:37:52.445842000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508474272.445842000", - "frame.time_delta": "0.015595000", - "frame.time_delta_displayed": "0.015595000", - "frame.time_relative": "16560.040638000", - "frame.number": "16698", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000be56", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f8b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: 
Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "47128", - "udp.port": "53", - "udp.port": "47128", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "221" - }, - "dns": { - "dns.response_to": "16697", - "dns.time": "0.015595000", - "dns.id": "0x000004ae", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "142", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20358", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - 
"dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3374", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3374", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3374", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3374", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3374", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3374", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3374", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, 
class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3374", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3374", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1899", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6439", - "dns.resp.len": "4", - "dns.a": "198.172.88.208" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1214", - "dns.resp.len": "4", - "dns.a": "173.197.192.233" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1278", - "dns.resp.len": "4", - "dns.a": "173.197.192.229" - }, - "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1686", - "dns.resp.len": "4", - "dns.a": "198.172.88.203" - }, - "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6242", - "dns.resp.len": "4", - "dns.a": "198.172.88.203" - }, - 
"n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1821", - "dns.resp.len": "4", - "dns.a": "165.254.16.95" - }, - "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5927", - "dns.resp.len": "4", - "dns.a": "198.172.88.205" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2377", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 21:52:52.450308000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508475172.450308000", - "frame.time_delta": "6.313074000", - "frame.time_delta_displayed": "900.004466000", - "frame.time_relative": "17460.045104000", - "frame.number": "17472", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00002b9d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008d20", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58502", - "udp.dstport": "53", - "udp.port": "58502", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x00007482", - "udp.checksum.status": "2", - "udp.stream": "229" - }, - "dns": { - "dns.response_in": "17473", - "dns.id": "0x000004af", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 21:52:52.456608000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508475172.456608000", - "frame.time_delta": "0.006300000", - "frame.time_delta_displayed": "0.006300000", - "frame.time_relative": "17460.051404000", - "frame.number": "17473", - "frame.len": "513", - 
"frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x000011ad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000a55b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "58502", - "udp.port": "53", - "udp.port": "58502", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "229" - }, - "dns": { - "dns.response_to": "17472", - "dns.time": "0.006300000", - "dns.id": "0x000004af", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - 
"dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "142", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "19458", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2474", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "2474", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2474", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2474", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2474", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2474", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2474", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2474", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2474", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - 
"dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "999", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5539", - "dns.resp.len": "4", - "dns.a": "198.172.88.208" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "314", - "dns.resp.len": "4", - "dns.a": "173.197.192.233" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "378", - "dns.resp.len": "4", - "dns.a": "173.197.192.229" - }, - "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "786", - "dns.resp.len": "4", - "dns.a": "198.172.88.203" - }, - "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5342", - "dns.resp.len": "4", - "dns.a": "198.172.88.203" - }, - "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "921", - "dns.resp.len": "4", - "dns.a": "165.254.16.95" - }, - "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5027", - "dns.resp.len": "4", - "dns.a": "198.172.88.205" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "1477", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 22:07:52.464775000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508476072.464775000", - "frame.time_delta": "4.206559000", - "frame.time_delta_displayed": "900.008167000", - "frame.time_relative": "18360.059571000", - "frame.number": "18263", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00005c8a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005c33", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - 
"Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58930", - "udp.dstport": "53", - "udp.port": "58930", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x000072d5", - "udp.checksum.status": "2", - "udp.stream": "235" - }, - "dns": { - "dns.response_in": "18264", - "dns.id": "0x000004b0", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 22:07:52.473763000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508476072.473763000", - "frame.time_delta": "0.008988000", - "frame.time_delta_displayed": "0.008988000", - "frame.time_relative": "18360.068559000", - "frame.number": "18264", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x000052f7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006411", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "58930", - "udp.port": "53", - "udp.port": "58930", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "235" - }, - "dns": { - "dns.response_to": "18263", - "dns.time": "0.008988000", - "dns.id": "0x000004b0", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": 
"142", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "18558", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1574", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1574", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1574", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1574", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns 
n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1574", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1574", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1574", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1574", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1574", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "99", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4639", - "dns.resp.len": "4", - "dns.a": "198.172.88.208" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7415", - "dns.resp.len": "4", - "dns.a": "173.223.52.108" - }, - "n3b.akamaiedge.net: type 
A, class IN, addr 173.223.52.129": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3479", - "dns.resp.len": "4", - "dns.a": "173.223.52.129" - }, - "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5887", - "dns.resp.len": "4", - "dns.a": "173.223.52.70" - }, - "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4442", - "dns.resp.len": "4", - "dns.a": "198.172.88.203" - }, - "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "21", - "dns.resp.len": "4", - "dns.a": "165.254.16.95" - }, - "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4127", - "dns.resp.len": "4", - "dns.a": "198.172.88.205" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "577", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 22:22:52.482011000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508476972.482011000", - "frame.time_delta": "2.079982000", - "frame.time_delta_displayed": "900.008248000", - "frame.time_relative": "19260.076807000", - "frame.number": "19082", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00007f92", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000392b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "48250", - "udp.dstport": "53", - "udp.port": "48250", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x00009c8c", - "udp.checksum.status": "2", - "udp.stream": "242" - }, - "dns": { - "dns.response_in": "19083", - "dns.id": "0x000004b1", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - 
"Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 22:22:52.488375000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508476972.488375000", - "frame.time_delta": "0.006364000", - "frame.time_delta_displayed": "0.006364000", - "frame.time_relative": "19260.083171000", - "frame.number": "19083", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x000024f5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009213", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - 
"ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "48250", - "udp.port": "53", - "udp.port": "48250", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "242" - }, - "dns": { - "dns.response_to": "19082", - "dns.time": "0.006364000", - "dns.id": "0x000004b1", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "143", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "17658", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": 
"173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "674", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "674", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "674", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "674", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "674", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "674", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "674", - 
"dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "674", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "674", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3200", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3739", - "dns.resp.len": "4", - "dns.a": "198.172.88.208" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6515", - "dns.resp.len": "4", - "dns.a": "173.223.52.108" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.129": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2579", - "dns.resp.len": "4", - "dns.a": "173.223.52.129" - }, - "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4987", - "dns.resp.len": "4", - "dns.a": "173.223.52.70" - }, - "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": 
"3542", - "dns.resp.len": "4", - "dns.a": "198.172.88.203" - }, - "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3122", - "dns.resp.len": "4", - "dns.a": "165.254.16.94" - }, - "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3227", - "dns.resp.len": "4", - "dns.a": "198.172.88.205" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5678", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 22:33:21.968209000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508477601.968209000", - "frame.time_delta": "2.368838000", - "frame.time_delta_displayed": "629.479834000", - "frame.time_relative": "19889.563005000", - "frame.number": "19759", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000048a9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007011", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "48476", - "udp.dstport": "53", - "udp.port": "48476", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000032f", - "udp.checksum.status": "2", - "udp.stream": "248" - }, - "dns": { - "dns.response_in": "19760", - "dns.id": "0x000004b2", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 22:33:21.970113000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508477601.970113000", - "frame.time_delta": "0.001904000", - "frame.time_delta_displayed": "0.001904000", - 
"frame.time_relative": "19889.564909000", - "frame.number": "19760", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x00006934", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004f4c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "48476", - "udp.port": "53", - "udp.port": "48476", - "udp.length": "103", - "udp.checksum": "0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "248" - }, - "dns": { - "dns.response_to": "19759", - "dns.time": "0.001904000", - "dns.id": "0x000004b2", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", 
- "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3220", - "dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": "ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": "300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 22:33:21.971590000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508477601.971590000", - "frame.time_delta": "0.001477000", - "frame.time_delta_displayed": "0.001477000", - "frame.time_relative": "19889.566386000", - "frame.number": "19761", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { 
- "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000048aa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007010", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60103", - "udp.dstport": "53", - "udp.port": "60103", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000f0c2", - "udp.checksum.status": "2", - "udp.stream": "249" - }, - "dns": { - "dns.response_in": "19762", - "dns.id": "0x000004b3", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 
22:33:21.973429000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508477601.973429000", - "frame.time_delta": "0.001839000", - "frame.time_delta_displayed": "0.001839000", - "frame.time_relative": "19889.568225000", - "frame.number": "19762", - "frame.len": "269", - "frame.cap_len": "269", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "255", - "ip.id": "0x00006935", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004ec7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "60103", - "udp.port": "53", - "udp.port": "60103", - "udp.length": "235", - "udp.checksum": "0x000082ee", - "udp.checksum.status": "2", - "udp.stream": "249" - }, - "dns": { - "dns.response_to": "19761", - "dns.time": "0.001839000", 
- "dns.id": "0x000004b3", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "5", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3220", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "689", - "dns.resp.len": "10", - "dns.ns": "ns3.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "689", - "dns.resp.len": "6", - "dns.ns": "ns1.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "689", - "dns.resp.len": "6", - "dns.ns": "ns2.ext.philips.com" - } - }, - "Additional records": { - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "157175", - "dns.resp.len": "4", - 
"dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "157175", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2218", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "47152", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "47152", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 22:33:22.393601000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508477602.393601000", - "frame.time_delta": "0.000661000", - "frame.time_delta_displayed": "0.420172000", - "frame.time_relative": "19889.988397000", - "frame.number": "19778", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000048c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006ff1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58716", - "udp.dstport": "53", - "udp.port": "58716", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000db2c", - "udp.checksum.status": "2", - "udp.stream": "250" - }, - "dns": { - "dns.response_in": "19779", - "dns.id": "0x000004b4", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - 
"layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 22:33:22.394208000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508477602.394208000", - "frame.time_delta": "0.000607000", - "frame.time_delta_displayed": "0.000607000", - "frame.time_relative": "19889.989004000", - "frame.number": "19779", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00006951", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004f69", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "58716", - "udp.port": "53", - "udp.port": "58716", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": 
"250" - }, - "dns": { - "dns.response_to": "19778", - "dns.time": "0.000607000", - "dns.id": "0x000004b4", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 22:33:22.395034000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508477602.395034000", - "frame.time_delta": "0.000826000", - "frame.time_delta_displayed": "0.000826000", - "frame.time_relative": "19889.989830000", - "frame.number": "19780", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", 
- "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000048ca", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006ff0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58570", - "udp.dstport": "53", - "udp.port": "58570", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000f6bd", - "udp.checksum.status": "2", - "udp.stream": "251" - }, - "dns": { - "dns.response_in": "19781", - "dns.id": "0x000004b5", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 22:33:22.395453000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508477602.395453000", - "frame.time_delta": "0.000419000", - "frame.time_delta_displayed": "0.000419000", - "frame.time_relative": "19889.990249000", - "frame.number": 
"19781", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00006952", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004f58", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "58570", - "udp.port": "53", - "udp.port": "58570", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "251" - }, - "dns": { - "dns.response_to": "19780", - "dns.time": "0.000419000", - "dns.id": "0x000004b5", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - 
"dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3219", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 22:37:52.496004000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508477872.496004000", - "frame.time_delta": "7.655864000", - "frame.time_delta_displayed": "270.100551000", - "frame.time_relative": "20160.090800000", - "frame.number": "20012", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - 
"ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00007136", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004787", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57235", - "udp.dstport": "53", - "udp.port": "57235", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000796e", - "udp.checksum.status": "2", - "udp.stream": "252" - }, - "dns": { - "dns.response_in": "20013", - "dns.id": "0x000004b6", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 22:37:52.557890000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508477872.557890000", - "frame.time_delta": "0.061886000", - "frame.time_delta_displayed": "0.061886000", - "frame.time_relative": "20160.152686000", - "frame.number": "20013", - "frame.len": "467", - "frame.cap_len": "467", - "frame.marked": "0", - 
"frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "453", - "ip.id": "0x00007974", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003dc2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "57235", - "udp.port": "53", - "udp.port": "57235", - "udp.length": "433", - "udp.checksum": "0x000083b4", - "udp.checksum.status": "2", - "udp.stream": "252" - }, - "dns": { - "dns.response_to": "20012", - "dns.time": "0.061886000", - "dns.id": "0x000004b6", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - 
"dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "8", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "118", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "15117", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": 
"690", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "6717", - "dns.resp.len": "4", - "dns.a": "23.67.56.215" - }, - "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7220", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3405", - "dns.resp.len": "4", - "dns.a": "204.2.166.150" - }, - "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "311", - "dns.resp.len": "4", - "dns.a": "165.254.16.92" - }, - "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "58", - "dns.resp.len": "4", - "dns.a": "198.172.88.206" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3867", - "dns.resp.len": "4", - "dns.a": "173.223.52.69" - }, - "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1920", - "dns.resp.len": "4", - "dns.a": "198.172.88.204" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 22:52:52.564075000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508478772.564075000", - "frame.time_delta": "2.198143000", - "frame.time_delta_displayed": "900.006185000", - "frame.time_relative": "21060.158871000", - 
"frame.number": "20790", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000cae0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eddc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "43240", - "udp.dstport": "53", - "udp.port": "43240", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000b018", - "udp.checksum.status": "2", - "udp.stream": "258" - }, - "dns": { - "dns.response_in": "20791", - "dns.id": "0x000004b7", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - 
"dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 22:52:52.600980000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508478772.600980000", - "frame.time_delta": "0.036905000", - "frame.time_delta_displayed": "0.036905000", - "frame.time_relative": "21060.195776000", - "frame.number": "20791", - "frame.len": "467", - "frame.cap_len": "467", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "453", - "ip.id": "0x00009731", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002005", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": 
"192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "43240", - "udp.port": "53", - "udp.port": "43240", - "udp.length": "433", - "udp.checksum": "0x000083b4", - "udp.checksum.status": "2", - "udp.stream": "258" - }, - "dns": { - "dns.response_to": "20790", - "dns.time": "0.036905000", - "dns.id": "0x000004b7", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "8", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "118", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "14217", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "790", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "790", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "790", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "790", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "790", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "790", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": 
"b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "790", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "790", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3106", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5817", - "dns.resp.len": "4", - "dns.a": "23.67.56.215" - }, - "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6320", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2505", - "dns.resp.len": "4", - "dns.a": "204.2.166.150" - }, - "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5412", - "dns.resp.len": "4", - "dns.a": "198.172.88.202" - }, - "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7161", - "dns.resp.len": "4", - "dns.a": "173.223.52.70" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": { - "dns.resp.name": 
"n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2967", - "dns.resp.len": "4", - "dns.a": "173.223.52.69" - }, - "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1020", - "dns.resp.len": "4", - "dns.a": "198.172.88.204" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:07:52.606357000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508479672.606357000", - "frame.time_delta": "1.385883000", - "frame.time_delta_displayed": "900.005377000", - "frame.time_relative": "21960.201153000", - "frame.number": "21562", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00004d98", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006b25", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53213", - "udp.dstport": "53", - "udp.port": "53213", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x00008922", - "udp.checksum.status": "2", - "udp.stream": "264" - }, - "dns": { - "dns.response_in": "21563", - "dns.id": "0x000004b8", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:07:52.617193000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508479672.617193000", - "frame.time_delta": "0.010836000", - "frame.time_delta_displayed": "0.010836000", - "frame.time_relative": "21960.211989000", - "frame.number": "21563", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", 
- "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000db65", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dba2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "53213", - "udp.port": "53", - "udp.port": "53213", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "264" - }, - "dns": { - "dns.response_to": "21562", - "dns.time": "0.010836000", - "dns.id": "0x000004b8", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": 
"3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "118", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "13317", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3890", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3890", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3890", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - 
"b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3890", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3890", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3890", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3890", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3890", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3890", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2206", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4917", - "dns.resp.len": "4", - "dns.a": 
"23.67.56.215" - }, - "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5420", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1605", - "dns.resp.len": "4", - "dns.a": "204.2.166.150" - }, - "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4512", - "dns.resp.len": "4", - "dns.a": "198.172.88.202" - }, - "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6261", - "dns.resp.len": "4", - "dns.a": "173.223.52.70" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2067", - "dns.resp.len": "4", - "dns.a": "173.223.52.69" - }, - "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "198.172.88.204" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5890", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:22:52.625699000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1508480572.625699000", - "frame.time_delta": "4.403118000", - "frame.time_delta_displayed": "900.008506000", - "frame.time_relative": "22860.220495000", - "frame.number": "22346", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00005937", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005f86", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "33001", - "udp.dstport": "53", - "udp.port": "33001", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000d815", - "udp.checksum.status": "2", - "udp.stream": "268" - }, - "dns": { - "dns.response_in": "22347", - "dns.id": "0x000004b9", - "dns.flags": "0x00000100", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:22:52.650694000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508480572.650694000", - "frame.time_delta": "0.024995000", - "frame.time_delta_displayed": "0.024995000", - "frame.time_relative": "22860.245490000", - "frame.number": "22347", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000d12d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000e5da", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "33001", - "udp.port": "53", - "udp.port": "33001", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "268" - }, - "dns": { - "dns.response_to": "22346", - "dns.time": "0.024995000", - "dns.id": "0x000004b9", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "143", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "14058", - "dns.resp.len": "22", - "dns.cname": 
"e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1074", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1074", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1074", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1074", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1074", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "1074", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1074", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1074", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1074", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3601", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "139", - "dns.resp.len": "4", - "dns.a": "198.172.88.208" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2915", - "dns.resp.len": "4", - "dns.a": "173.223.52.108" - }, - "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2980", - "dns.resp.len": "4", - "dns.a": "165.254.134.239" - }, - "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "1387", - "dns.resp.len": "4", - "dns.a": "173.223.52.70" - }, - "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7943", - "dns.resp.len": "4", - "dns.a": "96.17.70.191" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3523", - "dns.resp.len": "4", - "dns.a": "173.223.52.70" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5628", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2078", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:33:22.664730000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508481202.664730000", - "frame.time_delta": "2.566341000", - "frame.time_delta_displayed": "630.014036000", - "frame.time_relative": "23490.259526000", - "frame.number": "22859", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, 
- "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00007d2e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003b8c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58340", - "udp.dstport": "53", - "udp.port": "58340", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000dc9e", - "udp.checksum.status": "2", - "udp.stream": "271" - }, - "dns": { - "dns.response_in": "22860", - "dns.id": "0x000004ba", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:33:22.666597000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508481202.666597000", - "frame.time_delta": "0.001867000", - "frame.time_delta_displayed": "0.001867000", - "frame.time_relative": "23490.261393000", - "frame.number": "22860", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x00008ce9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002b97", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "58340", - "udp.port": "53", - "udp.port": "58340", - "udp.length": "103", - "udp.checksum": "0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "271" - }, - "dns": { - 
"dns.response_to": "22859", - "dns.time": "0.001867000", - "dns.id": "0x000004ba", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3219", - "dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": "ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": "300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:33:22.667494000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508481202.667494000", - "frame.time_delta": "0.000897000", - "frame.time_delta_displayed": "0.000897000", - "frame.time_relative": "23490.262290000", - "frame.number": "22861", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - 
"eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00007d2f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003b8b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52564", - "udp.dstport": "53", - "udp.port": "52564", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00000e2e", - "udp.checksum.status": "2", - "udp.stream": "272" - }, - "dns": { - "dns.response_in": "22862", - "dns.id": "0x000004bb", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - 
"dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:33:22.669032000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508481202.669032000", - "frame.time_delta": "0.001538000", - "frame.time_delta_displayed": "0.001538000", - "frame.time_relative": "23490.263828000", - "frame.number": "22862", - "frame.len": "269", - "frame.cap_len": "269", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "255", - "ip.id": "0x00008cea", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002b12", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - 
"udp.srcport": "53", - "udp.dstport": "52564", - "udp.port": "53", - "udp.port": "52564", - "udp.length": "235", - "udp.checksum": "0x000082ee", - "udp.checksum.status": "2", - "udp.stream": "272" - }, - "dns": { - "dns.response_to": "22861", - "dns.time": "0.001538000", - "dns.id": "0x000004bb", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "5", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3220", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "688", - "dns.resp.len": "10", - "dns.ns": "ns3.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "688", - "dns.resp.len": "6", - "dns.ns": "ns1.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "688", - "dns.resp.len": "6", - "dns.ns": 
"ns2.ext.philips.com" - } - }, - "Additional records": { - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "153574", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "153574", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "171829", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "43551", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "43551", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:33:23.087037000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508481203.087037000", - "frame.time_delta": "0.001271000", - "frame.time_delta_displayed": "0.418005000", - "frame.time_relative": "23490.681833000", - "frame.number": "22878", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00007d4c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003b6e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "37188", - "udp.dstport": "53", - "udp.port": "37188", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00002f3d", - "udp.checksum.status": "2", - "udp.stream": "273" - }, - "dns": { - "dns.response_in": "22879", - "dns.id": "0x000004bc", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type 
AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:33:23.087591000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508481203.087591000", - "frame.time_delta": "0.000554000", - "frame.time_delta_displayed": "0.000554000", - "frame.time_relative": "23490.682387000", - "frame.number": "22879", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00008d00", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002bba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - 
"ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "37188", - "udp.port": "53", - "udp.port": "37188", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "273" - }, - "dns": { - "dns.response_to": "22878", - "dns.time": "0.000554000", - "dns.id": "0x000004bc", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:33:23.088490000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508481203.088490000", - "frame.time_delta": "0.000899000", - "frame.time_delta_displayed": "0.000899000", - "frame.time_relative": "23490.683286000", - "frame.number": "22880", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - 
}, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00007d4d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003b6d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57857", - "udp.dstport": "53", - "udp.port": "57857", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000f97e", - "udp.checksum.status": "2", - "udp.stream": "274" - }, - "dns": { - "dns.response_in": "22881", - "dns.id": "0x000004bd", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:33:23.089060000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508481203.089060000", - "frame.time_delta": "0.000570000", - "frame.time_delta_displayed": "0.000570000", - "frame.time_relative": "23490.683856000", - "frame.number": "22881", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00008d01", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002ba9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "57857", - "udp.port": "53", - "udp.port": "57857", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "274" - }, - "dns": { - 
"dns.response_to": "22880", - "dns.time": "0.000570000", - "dns.id": "0x000004bd", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3219", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:37:52.675652000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508481472.675652000", - "frame.time_delta": "1.044735000", - "frame.time_delta_displayed": "269.586592000", - "frame.time_relative": "23760.270448000", - "frame.number": "23158", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - 
"eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00009f5f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000195e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "41570", - "udp.dstport": "53", - "udp.port": "41570", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000b697", - "udp.checksum.status": "2", - "udp.stream": "280" - }, - "dns": { - "dns.response_in": "23159", - "dns.id": "0x000004be", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:37:52.686467000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508481472.686467000", - "frame.time_delta": "0.010815000", - "frame.time_delta_displayed": "0.010815000", - "frame.time_relative": "23760.281263000", - "frame.number": "23159", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000db55", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dbb2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "41570", - "udp.port": "53", - "udp.port": "41570", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "280" - }, - "dns": { - "dns.response_to": "23158", - "dns.time": "0.010815000", - "dns.id": 
"0x000004be", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "143", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "13158", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "174", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "174", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "174", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "174", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "174", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "174", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "174", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "174", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "174", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2701", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7242", - "dns.resp.len": "4", - "dns.a": "173.223.52.131" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2015", - "dns.resp.len": "4", - "dns.a": "173.223.52.108" - }, - "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2080", - "dns.resp.len": "4", - "dns.a": "165.254.134.239" - }, - "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "487", - "dns.resp.len": "4", - "dns.a": "173.223.52.70" - }, - "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7043", - "dns.resp.len": "4", - "dns.a": "96.17.70.191" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2623", - "dns.resp.len": "4", - "dns.a": "173.223.52.70" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "4728", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1178", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:52:52.690665000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508482372.690665000", - "frame.time_delta": "0.322371000", - "frame.time_delta_displayed": "900.004198000", - "frame.time_relative": "24660.285461000", - "frame.number": "23918", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00009671", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000224c", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "42853", - "udp.dstport": "53", - "udp.port": "42853", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000b193", - "udp.checksum.status": "2", - "udp.stream": "284" - }, - "dns": { - "dns.response_in": "23919", - "dns.id": "0x000004bf", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 19, 2017 23:52:52.711241000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508482372.711241000", - "frame.time_delta": "0.020576000", - "frame.time_delta_displayed": "0.020576000", - "frame.time_relative": "24660.306037000", - "frame.number": "23919", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00001d6b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000999d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "42853", - "udp.port": "53", - "udp.port": "42853", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "284" - }, - "dns": { - "dns.response_to": "23918", - "dns.time": "0.020576000", - "dns.id": "0x000004bf", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": 
"1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "119", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "10617", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1190", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1190", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1190", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type 
NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1190", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1190", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1190", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1190", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1190", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1190", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3509", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2217", - "dns.resp.len": "4", - "dns.a": "23.67.56.215" - }, - 
"n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2720", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2912", - "dns.resp.len": "4", - "dns.a": "173.223.52.108" - }, - "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1812", - "dns.resp.len": "4", - "dns.a": "198.172.88.202" - }, - "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3561", - "dns.resp.len": "4", - "dns.a": "173.223.52.70" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3369", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.246": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3423", - "dns.resp.len": "4", - "dns.a": "165.254.134.246" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3190", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:07:52.715432000 PDT", - "frame.offset_shift": "0.000000000", 
- "frame.time_epoch": "1508483272.715432000", - "frame.time_delta": "0.798629000", - "frame.time_delta_displayed": "900.004191000", - "frame.time_relative": "25560.310228000", - "frame.number": "24682", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000a08f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000182e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53913", - "udp.dstport": "53", - "udp.port": "53913", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000865e", - "udp.checksum.status": "2", - "udp.stream": "288" - }, - "dns": { - "dns.response_in": "24683", - "dns.id": "0x000004c0", - "dns.flags": "0x00000100", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:07:52.722880000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508483272.722880000", - "frame.time_delta": "0.007448000", - "frame.time_delta_displayed": "0.007448000", - "frame.time_relative": "25560.317676000", - "frame.number": "24683", - "frame.len": "467", - "frame.cap_len": "467", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "453", - "ip.id": "0x000067fe", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004f38", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "53913", - "udp.port": "53", - "udp.port": "53913", - "udp.length": "433", - "udp.checksum": "0x000083b4", - "udp.checksum.status": "2", - "udp.stream": "288" - }, - "dns": { - "dns.response_to": "24682", - "dns.time": "0.007448000", - "dns.id": "0x000004c0", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "8", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "143", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "11358", - "dns.resp.len": "22", - "dns.cname": 
"e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "374", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "374", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "374", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "374", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "374", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "374", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "374", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "374", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "901", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5442", - "dns.resp.len": "4", - "dns.a": "173.223.52.131" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "215", - "dns.resp.len": "4", - "dns.a": "173.223.52.108" - }, - "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "280", - "dns.resp.len": "4", - "dns.a": "165.254.134.239" - }, - "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4688", - "dns.resp.len": "4", - "dns.a": "96.17.70.177" - }, - "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "5243", - "dns.resp.len": "4", - "dns.a": "96.17.70.191" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "823", - "dns.resp.len": "4", - "dns.a": "173.223.52.70" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2928", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:12:04.696340000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508483524.696340000", - "frame.time_delta": "0.145443000", - "frame.time_delta_displayed": "251.973460000", - "frame.time_relative": "25812.291136000", - "frame.number": "24953", - "frame.len": "83", - "frame.cap_len": "83", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "69", - "ip.id": "0x0000a209", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000016ad", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49770", - "udp.dstport": "53", - "udp.port": "49770", - "udp.port": "53", - "udp.length": "49", - "udp.checksum": "0x0000cac1", - "udp.checksum.status": "2", - "udp.stream": "293" - }, - "dns": { - "dns.response_in": "24954", - "dns.id": "0x00000043", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "diagnostics.meethue.com: type A, class IN": { - "dns.qry.name": "diagnostics.meethue.com", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:12:04.767719000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508483524.767719000", - "frame.time_delta": "0.071379000", - "frame.time_delta_displayed": "0.071379000", - "frame.time_relative": "25812.362515000", - "frame.number": "24954", - "frame.len": "297", - "frame.cap_len": "297", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - 
"frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "283", - "ip.id": "0x00008814", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002fcc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49770", - "udp.port": "53", - "udp.port": "49770", - "udp.length": "263", - "udp.checksum": "0x0000830a", - "udp.checksum.status": "2", - "udp.stream": "293" - }, - "dns": { - "dns.response_to": "24953", - "dns.time": "0.071379000", - "dns.id": "0x00000043", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - 
"dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "diagnostics.meethue.com: type A, class IN": { - "dns.qry.name": "diagnostics.meethue.com", - "dns.qry.name.len": "23", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": { - "dns.resp.name": "diagnostics.meethue.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "300", - "dns.resp.len": "4", - "dns.a": "130.211.67.12" - } - }, - "Authoritative nameservers": { - "meethue.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "meethue.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1704", - "dns.resp.len": "18", - "dns.ns": "ns3.ext.philips.com" - }, - "meethue.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "meethue.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1704", - "dns.resp.len": "6", - "dns.ns": "ns1.ext.philips.com" - }, - "meethue.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "meethue.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1704", - "dns.resp.len": "6", - "dns.ns": "ns2.ext.philips.com" - } - }, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "131086", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "155804", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "155804", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "134705", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "127278", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "127278", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:22:52.727669000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508484172.727669000", - "frame.time_delta": "3.871548000", - "frame.time_delta_displayed": "647.959950000", - "frame.time_relative": "26460.322465000", - "frame.number": "25506", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x000042c9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000075f4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "55301", - "udp.dstport": "53", - "udp.port": "55301", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x000080f1", - "udp.checksum.status": "2", - "udp.stream": "295" - }, - "dns": { - "dns.response_in": "25507", - "dns.id": "0x000004c1", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:22:52.765073000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508484172.765073000", - 
"frame.time_delta": "0.037404000", - "frame.time_delta_displayed": "0.037404000", - "frame.time_relative": "26460.359869000", - "frame.number": "25507", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00000318", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b3f0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "55301", - "udp.port": "53", - "udp.port": "55301", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "295" - }, - "dns": { - "dns.response_to": "25506", - "dns.time": "0.037404000", - "dns.id": "0x000004c1", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - 
"dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "119", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "8817", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3390", - "dns.resp.len": "6", - "dns.ns": 
"n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3390", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3390", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3390", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3390", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3390", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3390", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3390", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3390", - "dns.resp.len": "6", - "dns.ns": 
"n2b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1709", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "417", - "dns.resp.len": "4", - "dns.a": "23.67.56.215" - }, - "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "920", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1112", - "dns.resp.len": "4", - "dns.a": "173.223.52.108" - }, - "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "12", - "dns.resp.len": "4", - "dns.a": "198.172.88.202" - }, - "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1761", - "dns.resp.len": "4", - "dns.a": "173.223.52.70" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1569", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.246": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1623", - "dns.resp.len": "4", - "dns.a": 
"165.254.134.246" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1390", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:33:23.301033000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508484803.301033000", - "frame.time_delta": "0.159453000", - "frame.time_delta_displayed": "630.535960000", - "frame.time_relative": "27090.895829000", - "frame.number": "26095", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000aa78", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e42", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": 
"192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60609", - "udp.dstport": "53", - "udp.port": "60609", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000d3b9", - "udp.checksum.status": "2", - "udp.stream": "299" - }, - "dns": { - "dns.response_in": "26096", - "dns.id": "0x000004c2", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:33:23.303089000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508484803.303089000", - "frame.time_delta": "0.002056000", - "frame.time_delta_displayed": "0.002056000", - "frame.time_relative": "27090.897885000", - "frame.number": "26096", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - 
"eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x0000a9d2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000eae", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "60609", - "udp.port": "53", - "udp.port": "60609", - "udp.length": "103", - "udp.checksum": "0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "299" - }, - "dns": { - "dns.response_to": "26095", - "dns.time": "0.002056000", - "dns.id": "0x000004c2", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - 
"cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3219", - "dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": "ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": "300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:33:23.303940000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508484803.303940000", - "frame.time_delta": "0.000851000", - "frame.time_delta_displayed": "0.000851000", - "frame.time_relative": "27090.898736000", - "frame.number": "26097", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000aa79", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e41", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "45112", - "udp.dstport": "53", - "udp.port": "45112", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00002b42", - "udp.checksum.status": "2", - "udp.stream": "300" - }, - "dns": { - "dns.response_in": "26098", - "dns.id": "0x000004c3", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:33:23.305709000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508484803.305709000", - "frame.time_delta": "0.001769000", - "frame.time_delta_displayed": "0.001769000", - "frame.time_relative": "27090.900505000", - "frame.number": "26098", - "frame.len": "269", - "frame.cap_len": "269", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - 
"eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "255", - "ip.id": "0x0000a9d3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e29", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "45112", - "udp.port": "53", - "udp.port": "45112", - "udp.length": "235", - "udp.checksum": "0x000082ee", - "udp.checksum.status": "2", - "udp.stream": "300" - }, - "dns": { - "dns.response_to": "26097", - "dns.time": "0.001769000", - "dns.id": "0x000004c3", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "5", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - 
"dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3219", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "689", - "dns.resp.len": "10", - "dns.ns": "ns3.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "689", - "dns.resp.len": "6", - "dns.ns": "ns1.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "689", - "dns.resp.len": "6", - "dns.ns": "ns2.ext.philips.com" - } - }, - "Additional records": { - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "149973", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "149973", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "168228", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, 
- "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "39950", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "39950", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:33:23.726935000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508484803.726935000", - "frame.time_delta": "0.001538000", - "frame.time_delta_displayed": "0.421226000", - "frame.time_relative": "27091.321731000", - "frame.number": "26114", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000aaa1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", 
- "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e19", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "47836", - "udp.dstport": "53", - "udp.port": "47836", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000059d", - "udp.checksum.status": "2", - "udp.stream": "301" - }, - "dns": { - "dns.response_in": "26115", - "dns.id": "0x000004c4", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:33:23.727513000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508484803.727513000", - "frame.time_delta": "0.000578000", - "frame.time_delta_displayed": "0.000578000", - "frame.time_relative": "27091.322309000", - "frame.number": "26115", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": 
"udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000a9f1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000ec9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "47836", - "udp.port": "53", - "udp.port": "47836", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "301" - }, - "dns": { - "dns.response_to": "26114", - "dns.time": "0.000578000", - "dns.id": "0x000004c4", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:33:23.728355000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508484803.728355000", - "frame.time_delta": "0.000842000", - "frame.time_delta_displayed": "0.000842000", - "frame.time_relative": "27091.323151000", - "frame.number": "26116", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000aaa2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000e18", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", 
- "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "59436", - "udp.dstport": "53", - "udp.port": "59436", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000f34b", - "udp.checksum.status": "2", - "udp.stream": "302" - }, - "dns": { - "dns.response_in": "26117", - "dns.id": "0x000004c5", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:33:23.728777000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508484803.728777000", - "frame.time_delta": "0.000422000", - "frame.time_delta_displayed": "0.000422000", - "frame.time_relative": "27091.323573000", - "frame.number": "26117", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x0000a9f2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000eb8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "59436", - "udp.port": "53", - "udp.port": "59436", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "302" - }, - "dns": { - "dns.response_to": "26116", - "dns.time": "0.000422000", - "dns.id": "0x000004c5", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - 
"dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3219", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:37:52.772955000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508485072.772955000", - "frame.time_delta": "1.222355000", - "frame.time_delta_displayed": "269.044178000", - "frame.time_relative": "27360.367751000", - "frame.number": "26369", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000ce92", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ea2a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - 
"ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "45574", - "udp.dstport": "53", - "udp.port": "45574", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000a6eb", - "udp.checksum.status": "2", - "udp.stream": "304" - }, - "dns": { - "dns.response_in": "26370", - "dns.id": "0x000004c6", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:37:52.788820000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508485072.788820000", - "frame.time_delta": "0.015865000", - "frame.time_delta_displayed": "0.015865000", - "frame.time_relative": "27360.383616000", - "frame.number": "26370", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000cb7f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000eb88", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "45574", - "udp.port": "53", - "udp.port": "45574", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "304" - }, - "dns": { - "dns.response_to": "26369", - "dns.time": "0.015865000", - "dns.id": "0x000004c6", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": 
"5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "144", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "9558", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2574", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2574", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2574", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2574", - "dns.resp.len": "6", - "dns.ns": 
"n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2574", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2574", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2574", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2574", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2574", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3102", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3642", - "dns.resp.len": "4", - "dns.a": "173.223.52.131" - }, - "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6416", - 
"dns.resp.len": "4", - "dns.a": "165.254.16.94" - }, - "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.176": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2481", - "dns.resp.len": "4", - "dns.a": "96.17.70.176" - }, - "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2888", - "dns.resp.len": "4", - "dns.a": "96.17.70.177" - }, - "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3443", - "dns.resp.len": "4", - "dns.a": "96.17.70.191" - }, - "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3024", - "dns.resp.len": "4", - "dns.a": "96.17.70.177" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1128", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4574", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:52:52.797929000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508485972.797929000", - "frame.time_delta": "1.729711000", - "frame.time_delta_displayed": "900.009109000", - "frame.time_relative": "28260.392725000", - "frame.number": "27288", - 
"frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000fdad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bb0f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "57726", - "udp.dstport": "53", - "udp.port": "57726", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x00007772", - "udp.checksum.status": "2", - "udp.stream": "311" - }, - "dns": { - "dns.response_in": "27289", - "dns.id": "0x000004c7", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - 
"dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 00:52:52.808637000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508485972.808637000", - "frame.time_delta": "0.010708000", - "frame.time_delta_displayed": "0.010708000", - "frame.time_relative": "28260.403433000", - "frame.number": "27289", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000efa6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c761", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": 
"192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "57726", - "udp.port": "53", - "udp.port": "57726", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "311" - }, - "dns": { - "dns.response_to": "27288", - "dns.time": "0.010708000", - "dns.id": "0x000004c7", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "144", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "8658", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", 
- "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1674", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1674", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1674", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1674", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1674", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1674", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "1674", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1674", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1674", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2202", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2742", - "dns.resp.len": "4", - "dns.a": "173.223.52.131" - }, - "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5516", - "dns.resp.len": "4", - "dns.a": "165.254.16.94" - }, - "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.176": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1581", - "dns.resp.len": "4", - "dns.a": "96.17.70.176" - }, - "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1988", - "dns.resp.len": "4", - "dns.a": "96.17.70.177" - }, - "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "2543", - "dns.resp.len": "4", - "dns.a": "96.17.70.191" - }, - "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2124", - "dns.resp.len": "4", - "dns.a": "96.17.70.177" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "228", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3674", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:07:52.814329000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508486872.814329000", - "frame.time_delta": "5.472047000", - "frame.time_delta_displayed": "900.005692000", - "frame.time_relative": "29160.409125000", - "frame.number": "28061", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000614d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005770", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "39493", - "udp.dstport": "53", - "udp.port": "39493", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000beaa", - "udp.checksum.status": "2", - "udp.stream": "315" - }, - "dns": { - "dns.response_in": "28062", - "dns.id": "0x000004c8", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:07:52.835978000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508486872.835978000", - "frame.time_delta": "0.021649000", - "frame.time_delta_displayed": "0.021649000", - 
"frame.time_relative": "29160.430774000", - "frame.number": "28062", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00000e9b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000a86d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "39493", - "udp.port": "53", - "udp.port": "39493", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "315" - }, - "dns": { - "dns.response_to": "28061", - "dns.time": "0.021649000", - "dns.id": "0x000004c8", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", 
- "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "119", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6117", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - 
"dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "690", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 
88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3011", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5718", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.155": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6226", - "dns.resp.len": "4", - "dns.a": "204.2.166.155" - }, - "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.207": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2421", - "dns.resp.len": "4", - "dns.a": "23.67.56.207" - }, - "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.174": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3318", - "dns.resp.len": "4", - "dns.a": "96.17.70.174" - }, - "n5b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7067", - "dns.resp.len": "4", - "dns.a": "23.67.56.215" - }, - "n6b.akamaiedge.net: type A, class IN, addr 23.67.56.213": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2874", - "dns.resp.len": "4", - "dns.a": "23.67.56.213" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.155": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4925", - "dns.resp.len": "4", - "dns.a": "204.2.166.155" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": 
"a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4702", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:22:52.843589000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508487772.843589000", - "frame.time_delta": "0.601966000", - "frame.time_delta_displayed": "900.007611000", - "frame.time_relative": "30060.438385000", - "frame.number": "28868", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00008683", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000323a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": 
"192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "60232", - "udp.dstport": "53", - "udp.port": "60232", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x00006da6", - "udp.checksum.status": "2", - "udp.stream": "322" - }, - "dns": { - "dns.response_in": "28869", - "dns.id": "0x000004c9", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:22:52.850618000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508487772.850618000", - "frame.time_delta": "0.007029000", - "frame.time_delta_displayed": "0.007029000", - "frame.time_relative": "30060.445414000", - "frame.number": "28869", - "frame.len": "467", - "frame.cap_len": "467", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "453", - "ip.id": "0x000032d6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008460", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "60232", - "udp.port": "53", - "udp.port": "60232", - "udp.length": "433", - "udp.checksum": "0x000083b4", - "udp.checksum.status": "2", - "udp.stream": "322" - }, - "dns": { - "dns.response_to": "28868", - "dns.time": "0.007029000", - "dns.id": "0x000004c9", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "8", - "dns.count.add_rr": "8", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": 
"5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "144", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6858", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "874", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "874", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "874", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "874", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - 
}, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "874", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "874", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "874", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "874", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "402", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "942", - "dns.resp.len": "4", - "dns.a": "173.223.52.131" - }, - "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3716", - "dns.resp.len": "4", - "dns.a": "165.254.16.94" - }, - "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3782", - "dns.resp.len": "4", - "dns.a": "23.67.56.213" - 
}, - "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "188", - "dns.resp.len": "4", - "dns.a": "96.17.70.177" - }, - "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "743", - "dns.resp.len": "4", - "dns.a": "96.17.70.191" - }, - "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "324", - "dns.resp.len": "4", - "dns.a": "96.17.70.177" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4429", - "dns.resp.len": "4", - "dns.a": "165.254.134.243" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:33:21.755985000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508488401.755985000", - "frame.time_delta": "1.940613000", - "frame.time_delta_displayed": "628.905367000", - "frame.time_relative": "30689.350781000", - "frame.number": "29396", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00009aad", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001e0d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "43519", - "udp.dstport": "53", - "udp.port": "43519", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00001674", - "udp.checksum.status": "2", - "udp.stream": "327" - }, - "dns": { - "dns.response_in": "29397", - "dns.id": "0x000004ca", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:33:21.757930000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1508488401.757930000", - "frame.time_delta": "0.001945000", - "frame.time_delta_displayed": "0.001945000", - "frame.time_relative": "30689.352726000", - "frame.number": "29397", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x0000a15f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001721", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "43519", - "udp.port": "53", - "udp.port": "43519", - "udp.length": "103", - "udp.checksum": "0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "327" - }, - "dns": { - "dns.response_to": "29396", - "dns.time": "0.001945000", - "dns.id": "0x000004ca", - "dns.flags": "0x00008180", - 
"dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3221", - "dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": "ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": "300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:33:21.758751000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508488401.758751000", - "frame.time_delta": "0.000821000", - "frame.time_delta_displayed": "0.000821000", - "frame.time_relative": "30689.353547000", - "frame.number": "29398", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00009aae", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001e0c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "34772", - "udp.dstport": "53", - "udp.port": "34772", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000539e", - "udp.checksum.status": "2", - "udp.stream": "328" - }, - "dns": { - "dns.response_in": "29399", - "dns.id": "0x000004cb", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", 
- "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:33:21.760366000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508488401.760366000", - "frame.time_delta": "0.001615000", - "frame.time_delta_displayed": "0.001615000", - "frame.time_relative": "30689.355162000", - "frame.number": "29399", - "frame.len": "285", - "frame.cap_len": "285", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "271", - "ip.id": "0x0000a160", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000168c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "34772", - "udp.port": "53", - "udp.port": "34772", - "udp.length": "251", - "udp.checksum": 
"0x000082fe", - "udp.checksum.status": "2", - "udp.stream": "328" - }, - "dns": { - "dns.response_to": "29398", - "dns.time": "0.001615000", - "dns.id": "0x000004cb", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3221", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1322", - "dns.resp.len": "10", - "dns.ns": "ns2.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1322", - "dns.resp.len": "6", - "dns.ns": "ns3.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1322", - "dns.resp.len": "6", - "dns.ns": "ns1.ext.philips.com" - } - }, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - 
"dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "442", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "146375", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "146375", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "164630", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "36352", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "36352", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:33:22.179535000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508488402.179535000", - "frame.time_delta": "0.001270000", - "frame.time_delta_displayed": "0.419169000", - "frame.time_relative": "30689.774331000", - "frame.number": "29415", - "frame.len": 
"79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00009ac2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001df8", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "32927", - "udp.dstport": "53", - "udp.port": "32927", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00003fd2", - "udp.checksum.status": "2", - "udp.stream": "329" - }, - "dns": { - "dns.response_in": "29416", - "dns.id": "0x000004cc", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - 
"dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:33:22.180074000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508488402.180074000", - "frame.time_delta": "0.000539000", - "frame.time_delta_displayed": "0.000539000", - "frame.time_relative": "30689.774870000", - "frame.number": "29416", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000a17c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000173e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - 
"ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "32927", - "udp.port": "53", - "udp.port": "32927", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "329" - }, - "dns": { - "dns.response_to": "29415", - "dns.time": "0.000539000", - "dns.id": "0x000004cc", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:33:22.181272000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508488402.181272000", - "frame.time_delta": "0.001198000", - "frame.time_delta_displayed": "0.001198000", - "frame.time_relative": "30689.776068000", - "frame.number": "29417", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00009ac3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001df7", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "50502", - "udp.dstport": "53", - "udp.port": "50502", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000162a", - "udp.checksum.status": "2", - "udp.stream": "330" - }, - "dns": { - "dns.response_in": "29418", - "dns.id": "0x000004cd", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", 
- "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:33:22.181706000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508488402.181706000", - "frame.time_delta": "0.000434000", - "frame.time_delta_displayed": "0.000434000", - "frame.time_relative": "30689.776502000", - "frame.number": "29418", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x0000a17d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000172d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "50502", - "udp.port": "53", - "udp.port": "50502", - "udp.length": "61", - "udp.checksum": 
"0x00008240", - "udp.checksum.status": "2", - "udp.stream": "330" - }, - "dns": { - "dns.response_to": "29417", - "dns.time": "0.000434000", - "dns.id": "0x000004cd", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3220", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:37:52.855829000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508488672.855829000", - "frame.time_delta": "3.621068000", - "frame.time_delta_displayed": "270.674123000", - "frame.time_relative": "30960.450625000", - "frame.number": "29698", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000af13", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000009aa", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "51191", - "udp.dstport": "53", - "udp.port": "51191", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x000090f2", - "udp.checksum.status": "2", - "udp.stream": "331" - }, - "dns": { - "dns.response_in": "29699", - "dns.id": "0x000004ce", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:37:52.862182000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508488672.862182000", - "frame.time_delta": "0.006353000", - "frame.time_delta_displayed": "0.006353000", - "frame.time_relative": "30960.456978000", - "frame.number": "29699", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000ff8b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b77c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "51191", - "udp.port": "53", - "udp.port": "51191", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "331" - }, - "dns": { - 
"dns.response_to": "29698", - "dns.time": "0.006353000", - "dns.id": "0x000004ce", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "144", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5958", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - 
"dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3974", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3974", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3974", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3974", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3974", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3974", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3974", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3974", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - 
"dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3974", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3503", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "42", - "dns.resp.len": "4", - "dns.a": "173.223.52.131" - }, - "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2816", - "dns.resp.len": "4", - "dns.a": "165.254.16.94" - }, - "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2882", - "dns.resp.len": "4", - "dns.a": "23.67.56.213" - }, - "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5291", - "dns.resp.len": "4", - "dns.a": "96.17.70.175" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7844", - "dns.resp.len": "4", - "dns.a": "204.2.166.150" - }, - "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3426", - "dns.resp.len": "4", - "dns.a": "96.17.70.177" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": { - "dns.resp.name": 
"n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3529", - "dns.resp.len": "4", - "dns.a": "165.254.134.243" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "974", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:52:52.869701000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508489572.869701000", - "frame.time_delta": "1.064777000", - "frame.time_delta_displayed": "900.007519000", - "frame.time_relative": "31860.464497000", - "frame.number": "30491", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000c558", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": 
"0x0000f364", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "43504", - "udp.dstport": "53", - "udp.port": "43504", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000aef8", - "udp.checksum.status": "2", - "udp.stream": "337" - }, - "dns": { - "dns.response_in": "30492", - "dns.id": "0x000004cf", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 01:52:52.875803000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508489572.875803000", - "frame.time_delta": "0.006102000", - "frame.time_delta_displayed": "0.006102000", - "frame.time_relative": "31860.470599000", - "frame.number": "30492", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": 
"00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00004e2b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000068dd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "43504", - "udp.port": "53", - "udp.port": "43504", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "337" - }, - "dns": { - "dns.response_to": "30491", - "dns.time": "0.006102000", - "dns.id": "0x000004cf", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - 
"dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "144", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5058", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3074", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3074", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3074", - "dns.resp.len": "6", - "dns.ns": 
"n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3074", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3074", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3074", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3074", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3074", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3074", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2603", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7144", - 
"dns.resp.len": "4", - "dns.a": "204.2.166.154" - }, - "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1916", - "dns.resp.len": "4", - "dns.a": "165.254.16.94" - }, - "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1982", - "dns.resp.len": "4", - "dns.a": "23.67.56.213" - }, - "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4391", - "dns.resp.len": "4", - "dns.a": "96.17.70.175" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6944", - "dns.resp.len": "4", - "dns.a": "204.2.166.150" - }, - "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2526", - "dns.resp.len": "4", - "dns.a": "96.17.70.177" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2629", - "dns.resp.len": "4", - "dns.a": "165.254.134.243" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "74", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:07:52.881831000 
PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508490472.881831000", - "frame.time_delta": "1.602333000", - "frame.time_delta_displayed": "900.006028000", - "frame.time_relative": "32760.476627000", - "frame.number": "31269", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000ce88", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ea34", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "38554", - "udp.dstport": "53", - "udp.port": "38554", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000c24d", - "udp.checksum.status": "2", - "udp.stream": "343" - }, - "dns": { - "dns.response_in": "31270", - "dns.id": "0x000004d0", - "dns.flags": 
"0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:07:52.891762000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508490472.891762000", - "frame.time_delta": "0.009931000", - "frame.time_delta_displayed": "0.009931000", - "frame.time_relative": "32760.486558000", - "frame.number": "31270", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00000e5c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - 
"ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000a8ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "38554", - "udp.port": "53", - "udp.port": "38554", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "343" - }, - "dns": { - "dns.response_to": "31269", - "dns.time": "0.009931000", - "dns.id": "0x000004d0", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "144", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": 
"4158", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2174", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2174", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2174", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2174", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2174", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "2174", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2174", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2174", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2174", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1703", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6244", - "dns.resp.len": "4", - "dns.a": "204.2.166.154" - }, - "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1016", - "dns.resp.len": "4", - "dns.a": "165.254.16.94" - }, - "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1082", - "dns.resp.len": "4", - "dns.a": "23.67.56.213" - }, - "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": 
"1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3491", - "dns.resp.len": "4", - "dns.a": "96.17.70.175" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6044", - "dns.resp.len": "4", - "dns.a": "204.2.166.150" - }, - "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1626", - "dns.resp.len": "4", - "dns.a": "96.17.70.177" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1729", - "dns.resp.len": "4", - "dns.a": "165.254.134.243" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5177", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:22:52.901114000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508491372.901114000", - "frame.time_delta": "1.849865000", - "frame.time_delta_displayed": "900.009352000", - "frame.time_relative": "33660.495910000", - "frame.number": "32056", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - 
"eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00004594", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007329", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "33202", - "udp.dstport": "53", - "udp.port": "33202", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000d734", - "udp.checksum.status": "2", - "udp.stream": "348" - }, - "dns": { - "dns.response_in": "32057", - "dns.id": "0x000004d1", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - 
"frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:22:52.972380000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508491372.972380000", - "frame.time_delta": "0.071266000", - "frame.time_delta_displayed": "0.071266000", - "frame.time_relative": "33660.567176000", - "frame.number": "32057", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00002997", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008d71", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "33202", - "udp.port": "53", - "udp.port": "33202", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "348" - }, - 
"dns": { - "dns.response_to": "32056", - "dns.time": "0.071266000", - "dns.id": "0x000004d1", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "120", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1617", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns 
n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1191", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1191", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1191", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1191", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1191", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1191", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1191", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1191", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns 
a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1191", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2514", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1218", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.155": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1726", - "dns.resp.len": "4", - "dns.a": "204.2.166.155" - }, - "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.155": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1922", - "dns.resp.len": "4", - "dns.a": "204.2.166.155" - }, - "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.151": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4820", - "dns.resp.len": "4", - "dns.a": "204.2.166.151" - }, - "n5b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2567", - "dns.resp.len": "4", - "dns.a": "23.67.56.215" - }, - "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.151": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2380", - "dns.resp.len": "4", - "dns.a": "204.2.166.151" - }, - "n7b.akamaiedge.net: type A, class IN, addr 
204.2.166.155": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "425", - "dns.resp.len": "4", - "dns.a": "204.2.166.155" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "202", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:33:22.349285000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508492002.349285000", - "frame.time_delta": "0.837648000", - "frame.time_delta_displayed": "629.376905000", - "frame.time_relative": "34289.944081000", - "frame.number": "32626", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000f99e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": 
"17", - "ip.checksum": "0x0000bf1b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "52881", - "udp.dstport": "53", - "udp.port": "52881", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000f1d9", - "udp.checksum.status": "2", - "udp.stream": "352" - }, - "dns": { - "dns.response_in": "32627", - "dns.id": "0x000004d2", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:33:22.351230000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508492002.351230000", - "frame.time_delta": "0.001945000", - "frame.time_delta_displayed": "0.001945000", - "frame.time_relative": "34289.946026000", - "frame.number": "32627", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x0000ba2d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000fe52", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "52881", - "udp.port": "53", - "udp.port": "52881", - "udp.length": "103", - "udp.checksum": "0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "352" - }, - "dns": { - "dns.response_to": "32626", - "dns.time": "0.001945000", - "dns.id": "0x000004d2", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": 
"dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3220", - "dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": "ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": "300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:33:22.352051000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508492002.352051000", - "frame.time_delta": "0.000821000", - "frame.time_delta_displayed": "0.000821000", - "frame.time_relative": "34289.946847000", - "frame.number": "32628", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", 
- "ip.id": "0x0000f99f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bf1a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "43337", - "udp.dstport": "53", - "udp.port": "43337", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00003221", - "udp.checksum.status": "2", - "udp.stream": "353" - }, - "dns": { - "dns.response_in": "32629", - "dns.id": "0x000004d3", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:33:22.392543000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508492002.392543000", - "frame.time_delta": "0.040492000", - "frame.time_delta_displayed": "0.040492000", - "frame.time_relative": "34289.987339000", - "frame.number": "32629", - "frame.len": "285", - "frame.cap_len": "285", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "271", - "ip.id": "0x0000ba30", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000fdbb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "43337", - "udp.port": "53", - "udp.port": "43337", - "udp.length": "251", - "udp.checksum": "0x000082fe", - "udp.checksum.status": "2", - "udp.stream": "353" - }, - "dns": { - "dns.response_to": "32628", - "dns.time": "0.040492000", - "dns.id": "0x000004d3", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - 
"dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3220", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1411", - "dns.resp.len": "10", - "dns.ns": "ns3.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1411", - "dns.resp.len": "6", - "dns.ns": "ns2.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1411", - "dns.resp.len": "6", - "dns.ns": "ns1.ext.philips.com" - } - }, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "171851", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "142774", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - 
"dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "142774", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "161029", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "32751", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "32751", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:33:22.810223000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508492002.810223000", - "frame.time_delta": "0.001028000", - "frame.time_delta_displayed": "0.417680000", - "frame.time_relative": "34290.405019000", - "frame.number": "32645", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - 
"eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000f9af", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bf0a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "54367", - "udp.dstport": "53", - "udp.port": "54367", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000ec09", - "udp.checksum.status": "2", - "udp.stream": "354" - }, - "dns": { - "dns.response_in": "32646", - "dns.id": "0x000004d4", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:33:22.810817000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1508492002.810817000", - "frame.time_delta": "0.000594000", - "frame.time_delta_displayed": "0.000594000", - "frame.time_relative": "34290.405613000", - "frame.number": "32646", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000ba35", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000fe84", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "54367", - "udp.port": "53", - "udp.port": "54367", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "354" - }, - "dns": { - "dns.response_to": "32645", - "dns.time": "0.000594000", - "dns.id": "0x000004d4", - "dns.flags": 
"0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:33:22.811626000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508492002.811626000", - "frame.time_delta": "0.000809000", - "frame.time_delta_displayed": "0.000809000", - "frame.time_relative": "34290.406422000", - "frame.number": "32647", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": 
"65", - "ip.id": "0x0000f9b0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bf09", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "39432", - "udp.dstport": "53", - "udp.port": "39432", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00004160", - "udp.checksum.status": "2", - "udp.stream": "355" - }, - "dns": { - "dns.response_in": "32648", - "dns.id": "0x000004d5", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:33:22.812191000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508492002.812191000", - "frame.time_delta": "0.000565000", - "frame.time_delta_displayed": "0.000565000", - "frame.time_relative": "34290.406987000", - "frame.number": "32648", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x0000ba36", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000fe73", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "39432", - "udp.port": "53", - "udp.port": "39432", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "355" - }, - "dns": { - "dns.response_to": "32647", - "dns.time": "0.000565000", - "dns.id": "0x000004d5", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - 
"dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3220", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:37:53.011030000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508492273.011030000", - "frame.time_delta": "0.622307000", - "frame.time_delta_displayed": "270.198839000", - "frame.time_relative": "34560.605826000", - "frame.number": "32884", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000400c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - 
"ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000078b1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "44772", - "udp.dstport": "53", - "udp.port": "44772", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000a9fd", - "udp.checksum.status": "2", - "udp.stream": "356" - }, - "dns": { - "dns.response_in": "32885", - "dns.id": "0x000004d6", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:37:53.016866000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508492273.016866000", - "frame.time_delta": "0.005836000", - "frame.time_delta_displayed": "0.005836000", - "frame.time_relative": "34560.611662000", - "frame.number": "32885", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - 
"frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000c41b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f2ec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "44772", - "udp.port": "53", - "udp.port": "44772", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "356" - }, - "dns": { - "dns.response_to": "32884", - "dns.time": "0.005836000", - "dns.id": "0x000004d6", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - 
"dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "143", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2357", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "373", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "373", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns 
n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "373", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "373", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "373", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "373", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "373", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "373", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "373", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3904", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: 
type A, class IN, addr 204.2.166.154": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4443", - "dns.resp.len": "4", - "dns.a": "204.2.166.154" - }, - "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7217", - "dns.resp.len": "4", - "dns.a": "96.17.70.175" - }, - "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3284", - "dns.resp.len": "4", - "dns.a": "96.17.70.174" - }, - "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1690", - "dns.resp.len": "4", - "dns.a": "96.17.70.175" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4243", - "dns.resp.len": "4", - "dns.a": "204.2.166.150" - }, - "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3827", - "dns.resp.len": "4", - "dns.a": "204.2.166.154" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5929", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3376", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": 
"packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:52:53.027071000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508493173.027071000", - "frame.time_delta": "3.719993000", - "frame.time_delta_displayed": "900.010205000", - "frame.time_relative": "35460.621867000", - "frame.number": "33758", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x000044d0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000073ed", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "54661", - "udp.dstport": "53", - "udp.port": "54661", - "udp.port": "53", - "udp.length": 
"42", - "udp.checksum": "0x0000835b", - "udp.checksum.status": "2", - "udp.stream": "360" - }, - "dns": { - "dns.response_in": "33759", - "dns.id": "0x000004d7", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 02:52:53.101742000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508493173.101742000", - "frame.time_delta": "0.074671000", - "frame.time_delta_displayed": "0.074671000", - "frame.time_relative": "35460.696538000", - "frame.number": "33759", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": 
"0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000f93b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bdcc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "54661", - "udp.port": "53", - "udp.port": "54661", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "360" - }, - "dns": { - "dns.response_to": "33758", - "dns.time": "0.074671000", - "dns.id": "0x000004d7", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "300", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, 
cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1457", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3473", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3473", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3473", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3473", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3473", - "dns.resp.len": 
"6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3473", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3473", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3473", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3473", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3004", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3543", - "dns.resp.len": "4", - "dns.a": "204.2.166.154" - }, - "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6317", - "dns.resp.len": "4", - "dns.a": "96.17.70.175" - }, - "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2384", - 
"dns.resp.len": "4", - "dns.a": "96.17.70.174" - }, - "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "790", - "dns.resp.len": "4", - "dns.a": "96.17.70.175" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3343", - "dns.resp.len": "4", - "dns.a": "204.2.166.150" - }, - "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2927", - "dns.resp.len": "4", - "dns.a": "204.2.166.154" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5029", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2476", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:07:53.107570000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508494073.107570000", - "frame.time_delta": "7.786097000", - "frame.time_delta_displayed": "900.005828000", - "frame.time_relative": "36360.702366000", - "frame.number": "34517", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - 
"eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000f210", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c6ac", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49914", - "udp.dstport": "53", - "udp.port": "49914", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x000095e5", - "udp.checksum.status": "2", - "udp.stream": "368" - }, - "dns": { - "dns.response_in": "34518", - "dns.id": "0x000004d8", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": 
"1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:07:53.114086000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508494073.114086000", - "frame.time_delta": "0.006516000", - "frame.time_delta_displayed": "0.006516000", - "frame.time_relative": "36360.708882000", - "frame.number": "34518", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000cccb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ea3c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - 
"udp.dstport": "49914", - "udp.port": "53", - "udp.port": "49914", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "368" - }, - "dns": { - "dns.response_to": "34517", - "dns.time": "0.006516000", - "dns.id": "0x000004d8", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "143", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "557", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2573", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2573", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2573", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2573", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2573", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2573", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2573", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - 
"dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2573", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2573", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2104", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2643", - "dns.resp.len": "4", - "dns.a": "204.2.166.154" - }, - "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5417", - "dns.resp.len": "4", - "dns.a": "96.17.70.175" - }, - "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1484", - "dns.resp.len": "4", - "dns.a": "96.17.70.174" - }, - "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5891", - "dns.resp.len": "4", - "dns.a": "209.18.46.225" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2443", - "dns.resp.len": "4", - "dns.a": "204.2.166.150" - }, - "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { - "dns.resp.name": "n6b.akamaiedge.net", - 
"dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2027", - "dns.resp.len": "4", - "dns.a": "204.2.166.154" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4129", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1576", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:22:53.123990000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508494973.123990000", - "frame.time_delta": "1.660357000", - "frame.time_delta_displayed": "900.009904000", - "frame.time_relative": "37260.718786000", - "frame.number": "35283", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": 
"0x000001f8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b6c5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "44922", - "udp.dstport": "53", - "udp.port": "44922", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000a964", - "udp.checksum.status": "2", - "udp.stream": "372" - }, - "dns": { - "dns.response_in": "35284", - "dns.id": "0x000004d9", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:22:53.134103000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508494973.134103000", - "frame.time_delta": "0.010113000", - "frame.time_delta_displayed": "0.010113000", - "frame.time_relative": "37260.728899000", - "frame.number": "35284", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": 
"eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x000006d5", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b033", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "44922", - "udp.port": "53", - "udp.port": "44922", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "372" - }, - "dns": { - "dns.response_to": "35283", - "dns.time": "0.010113000", - "dns.id": "0x000004d9", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - 
"dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "144", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "21444", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1673", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1673", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - 
"b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1673", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1673", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1673", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1673", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1673", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1673", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1673", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1204", - "dns.resp.len": "4", - 
"dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1743", - "dns.resp.len": "4", - "dns.a": "204.2.166.154" - }, - "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4517", - "dns.resp.len": "4", - "dns.a": "96.17.70.175" - }, - "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "584", - "dns.resp.len": "4", - "dns.a": "96.17.70.174" - }, - "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4991", - "dns.resp.len": "4", - "dns.a": "209.18.46.225" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1543", - "dns.resp.len": "4", - "dns.a": "204.2.166.150" - }, - "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1127", - "dns.resp.len": "4", - "dns.a": "204.2.166.154" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3229", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "676", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - 
} - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:33:22.916241000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508495602.916241000", - "frame.time_delta": "3.559096000", - "frame.time_delta_displayed": "629.782138000", - "frame.time_relative": "37890.511037000", - "frame.number": "35811", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00007ba1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003d19", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49663", - "udp.dstport": "53", - "udp.port": "49663", - 
"udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000fe63", - "udp.checksum.status": "2", - "udp.stream": "376" - }, - "dns": { - "dns.response_in": "35812", - "dns.id": "0x000004da", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:33:22.918183000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508495602.918183000", - "frame.time_delta": "0.001942000", - "frame.time_delta_displayed": "0.001942000", - "frame.time_relative": "37890.512979000", - "frame.number": "35812", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - 
"ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x0000d276", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000e609", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49663", - "udp.port": "53", - "udp.port": "49663", - "udp.length": "103", - "udp.checksum": "0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "376" - }, - "dns": { - "dns.response_to": "35811", - "dns.time": "0.001942000", - "dns.id": "0x000004da", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1787", - "dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": 
"ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": "300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:33:22.920557000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508495602.920557000", - "frame.time_delta": "0.002374000", - "frame.time_delta_displayed": "0.002374000", - "frame.time_relative": "37890.515353000", - "frame.number": "35813", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00007ba2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003d18", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - 
"ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "33688", - "udp.dstport": "53", - "udp.port": "33688", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x000057ca", - "udp.checksum.status": "2", - "udp.stream": "377" - }, - "dns": { - "dns.response_in": "35814", - "dns.id": "0x000004db", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:33:22.922284000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508495602.922284000", - "frame.time_delta": "0.001727000", - "frame.time_delta_displayed": "0.001727000", - "frame.time_relative": "37890.517080000", - "frame.number": "35814", - "frame.len": "285", - "frame.cap_len": "285", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "271", - "ip.id": "0x0000d277", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000e574", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "33688", - "udp.port": "53", - "udp.port": "33688", - "udp.length": "251", - "udp.checksum": "0x000082fe", - "udp.checksum.status": "2", - "udp.stream": "377" - }, - "dns": { - "dns.response_to": "35813", - "dns.time": "0.001727000", - "dns.id": "0x000004db", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": 
"dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2989", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1787", - "dns.resp.len": "10", - "dns.ns": "ns3.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1787", - "dns.resp.len": "6", - "dns.ns": "ns1.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1787", - "dns.resp.len": "6", - "dns.ns": "ns2.ext.philips.com" - } - }, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "119008", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "143726", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "143726", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "122627", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - 
"ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "115200", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "115200", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:33:23.341511000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508495603.341511000", - "frame.time_delta": "0.001324000", - "frame.time_delta_displayed": "0.419227000", - "frame.time_relative": "37890.936307000", - "frame.number": "35830", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00007bba", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", 
- "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003d00", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "36096", - "udp.dstport": "53", - "udp.port": "36096", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00003361", - "udp.checksum.status": "2", - "udp.stream": "378" - }, - "dns": { - "dns.response_in": "35831", - "dns.id": "0x000004dc", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:33:23.341806000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508495603.341806000", - "frame.time_delta": "0.000295000", - "frame.time_delta_displayed": "0.000295000", - "frame.time_relative": "37890.936602000", - "frame.number": "35831", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": 
"udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000d284", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000e635", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "36096", - "udp.port": "53", - "udp.port": "36096", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "378" - }, - "dns": { - "dns.response_to": "35830", - "dns.time": "0.000295000", - "dns.id": "0x000004dc", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - 
"dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:33:23.342577000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508495603.342577000", - "frame.time_delta": "0.000771000", - "frame.time_delta_displayed": "0.000771000", - "frame.time_relative": "37890.937373000", - "frame.number": "35832", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00007bbb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00003cff", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", 
- "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49358", - "udp.dstport": "53", - "udp.port": "49358", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00001a92", - "udp.checksum.status": "2", - "udp.stream": "379" - }, - "dns": { - "dns.response_in": "35833", - "dns.id": "0x000004dd", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:33:23.342908000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508495603.342908000", - "frame.time_delta": "0.000331000", - "frame.time_delta_displayed": "0.000331000", - "frame.time_relative": "37890.937704000", - "frame.number": "35833", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x0000d285", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000e624", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49358", - "udp.port": "53", - "udp.port": "49358", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "379" - }, - "dns": { - "dns.response_to": "35832", - "dns.time": "0.000331000", - "dns.id": "0x000004dd", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - 
"dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2988", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:37:53.142390000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508495873.142390000", - "frame.time_delta": "3.770169000", - "frame.time_delta_displayed": "269.799482000", - "frame.time_relative": "38160.737186000", - "frame.number": "36053", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000d08e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000e82e", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - 
"ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "36775", - "udp.dstport": "53", - "udp.port": "36775", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000c932", - "udp.checksum.status": "2", - "udp.stream": "380" - }, - "dns": { - "dns.response_in": "36054", - "dns.id": "0x000004de", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:37:53.148990000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508495873.148990000", - "frame.time_delta": "0.006600000", - "frame.time_delta_displayed": "0.006600000", - "frame.time_relative": "38160.743786000", - "frame.number": "36054", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": 
"Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000fff7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b710", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "36775", - "udp.port": "53", - "udp.port": "36775", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "380" - }, - "dns": { - "dns.response_to": "36053", - "dns.time": "0.006600000", - "dns.id": "0x000004de", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": 
"5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "144", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20544", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "773", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "773", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "773", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "773", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" 
- }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "773", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "773", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "773", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "773", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "773", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "304", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "843", - "dns.resp.len": "4", - "dns.a": "204.2.166.154" - }, - "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3617", - "dns.resp.len": "4", - "dns.a": 
"96.17.70.175" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3691", - "dns.resp.len": "4", - "dns.a": "173.223.52.108" - }, - "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4091", - "dns.resp.len": "4", - "dns.a": "209.18.46.225" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "643", - "dns.resp.len": "4", - "dns.a": "204.2.166.150" - }, - "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "227", - "dns.resp.len": "4", - "dns.a": "204.2.166.154" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2329", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5779", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:52:53.157944000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508496773.157944000", - "frame.time_delta": "0.549528000", - "frame.time_delta_displayed": "900.008954000", - "frame.time_relative": "39060.752740000", - "frame.number": "36810", - "frame.len": "76", - 
"frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000fe35", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ba87", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "58619", - "udp.dstport": "53", - "udp.port": "58619", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x000073dd", - "udp.checksum.status": "2", - "udp.stream": "384" - }, - "dns": { - "dns.response_in": "36811", - "dns.id": "0x000004df", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - 
"dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 03:52:53.164664000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508496773.164664000", - "frame.time_delta": "0.006720000", - "frame.time_delta_displayed": "0.006720000", - "frame.time_relative": "39060.759460000", - "frame.number": "36811", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00004af7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006c11", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "58619", - "udp.port": "53", - "udp.port": "58619", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "384" - }, - "dns": { - "dns.response_to": "36810", - "dns.time": "0.006720000", - "dns.id": "0x000004df", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "144", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "19644", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - 
"dns.resp.len": "4", - "dns.a": "184.84.242.27" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3873", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3873", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3873", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3873", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3873", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3873", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "3873", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3873", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3873", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3407", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7948", - "dns.resp.len": "4", - "dns.a": "96.17.70.173" - }, - "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2717", - "dns.resp.len": "4", - "dns.a": "96.17.70.175" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2791", - "dns.resp.len": "4", - "dns.a": "173.223.52.108" - }, - "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3191", - "dns.resp.len": "4", - "dns.a": "209.18.46.225" - }, - "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.218": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "7745", - "dns.resp.len": "4", - "dns.a": "209.18.46.218" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3330", - "dns.resp.len": "4", - "dns.a": "173.223.52.131" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1429", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4879", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 04:07:53.171491000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508497673.171491000", - "frame.time_delta": "3.380707000", - "frame.time_delta_displayed": "900.006827000", - "frame.time_relative": "39960.766287000", - "frame.number": "37558", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": 
"0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00001426", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000a497", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "46109", - "udp.dstport": "53", - "udp.port": "46109", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000a4ba", - "udp.checksum.status": "2", - "udp.stream": "388" - }, - "dns": { - "dns.response_in": "37559", - "dns.id": "0x000004e0", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 04:07:53.178025000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508497673.178025000", - "frame.time_delta": "0.006534000", - "frame.time_delta_displayed": "0.006534000", - 
"frame.time_relative": "39960.772821000", - "frame.number": "37559", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000d1c0", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000e547", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "46109", - "udp.port": "53", - "udp.port": "46109", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "388" - }, - "dns": { - "dns.response_to": "37558", - "dns.time": "0.006534000", - "dns.id": "0x000004e0", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", 
- "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "121", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "16919", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2890", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - 
"dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2890", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2890", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2890", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2890", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2890", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2890", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2890", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2890", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class 
IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "220", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2919", - "dns.resp.len": "4", - "dns.a": "173.197.192.233" - }, - "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3429", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3625", - "dns.resp.len": "4", - "dns.a": "173.223.52.108" - }, - "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4526", - "dns.resp.len": "4", - "dns.a": "209.18.46.217" - }, - "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4270", - "dns.resp.len": "4", - "dns.a": "209.18.46.223" - }, - "n6b.akamaiedge.net: type A, class IN, addr 209.18.46.221": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "83", - "dns.resp.len": "4", - "dns.a": "209.18.46.221" - }, - "n7b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "127", - "dns.resp.len": "4", - "dns.a": "173.223.52.108" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - 
"dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5928", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 04:22:53.188284000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508498573.188284000", - "frame.time_delta": "2.605383000", - "frame.time_delta_displayed": "900.010259000", - "frame.time_relative": "40860.783080000", - "frame.number": "38342", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00001f18", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000099a5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": 
"192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "55484", - "udp.dstport": "53", - "udp.port": "55484", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000801a", - "udp.checksum.status": "2", - "udp.stream": "397" - }, - "dns": { - "dns.response_in": "38343", - "dns.id": "0x000004e1", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 04:22:53.198461000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508498573.198461000", - "frame.time_delta": "0.010177000", - "frame.time_delta_displayed": "0.010177000", - "frame.time_relative": "40860.793257000", - "frame.number": "38343", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00000c8c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000aa7c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "55484", - "udp.port": "53", - "udp.port": "55484", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "397" - }, - "dns": { - "dns.response_to": "38342", - "dns.time": "0.010177000", - "dns.id": "0x000004e1", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", 
- "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "121", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "16019", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1990", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1990", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1990", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1990", - "dns.resp.len": "6", - 
"dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1990", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1990", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1990", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1990", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1990", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3326", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2019", - "dns.resp.len": "4", - "dns.a": "173.197.192.233" - }, - "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2529", - 
"dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2725", - "dns.resp.len": "4", - "dns.a": "173.223.52.108" - }, - "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3626", - "dns.resp.len": "4", - "dns.a": "209.18.46.217" - }, - "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3370", - "dns.resp.len": "4", - "dns.a": "209.18.46.223" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3208", - "dns.resp.len": "4", - "dns.a": "173.197.192.232" - }, - "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5231", - "dns.resp.len": "4", - "dns.a": "96.17.70.173" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5028", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 04:33:23.646883000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508499203.646883000", - "frame.time_delta": "3.475755000", - "frame.time_delta_displayed": "630.448422000", - "frame.time_relative": "41491.241679000", - "frame.number": 
"38816", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000984f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000206b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49413", - "udp.dstport": "53", - "udp.port": "49413", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000ff55", - "udp.checksum.status": "2", - "udp.stream": "398" - }, - "dns": { - "dns.response_in": "38817", - "dns.id": "0x000004e2", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - 
"dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 04:33:23.648923000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508499203.648923000", - "frame.time_delta": "0.002040000", - "frame.time_delta_displayed": "0.002040000", - "frame.time_relative": "41491.243719000", - "frame.number": "38817", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x000050e3", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000679d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - 
"ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49413", - "udp.port": "53", - "udp.port": "49413", - "udp.length": "103", - "udp.checksum": "0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "398" - }, - "dns": { - "dns.response_to": "38816", - "dns.time": "0.002040000", - "dns.id": "0x000004e2", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": "ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": "300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 04:33:23.651769000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1508499203.651769000", - "frame.time_delta": "0.002846000", - "frame.time_delta_displayed": "0.002846000", - "frame.time_relative": "41491.246565000", - "frame.number": "38818", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00009850", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000206a", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "36635", - "udp.dstport": "53", - "udp.port": "36635", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00004c3f", - "udp.checksum.status": "2", - "udp.stream": "399" - }, - "dns": { - "dns.response_in": "38819", - "dns.id": "0x000004e3", - "dns.flags": "0x00000100", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 04:33:23.653376000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508499203.653376000", - "frame.time_delta": "0.001607000", - "frame.time_delta_displayed": "0.001607000", - "frame.time_relative": "41491.248172000", - "frame.number": "38819", - "frame.len": "285", - "frame.cap_len": "285", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "271", - "ip.id": "0x000050e4", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00006708", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "36635", - "udp.port": "53", - "udp.port": "36635", - "udp.length": "251", - "udp.checksum": "0x000082fe", - "udp.checksum.status": "2", - "udp.stream": "399" - }, - "dns": { - "dns.response_to": "38818", - "dns.time": "0.001607000", - "dns.id": "0x000004e3", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2989", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "10", - "dns.ns": "ns1.ext.philips.com" - }, - "cpp.philips.com: type NS, class 
IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "6", - "dns.ns": "ns2.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1786", - "dns.resp.len": "6", - "dns.ns": "ns3.ext.philips.com" - } - }, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "115407", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "140125", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "140125", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "119026", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "111599", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": 
"111599", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 04:33:24.064209000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508499204.064209000", - "frame.time_delta": "0.000887000", - "frame.time_delta_displayed": "0.410833000", - "frame.time_relative": "41491.659005000", - "frame.number": "38835", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00009876", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002044", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - 
"udp": { - "udp.srcport": "44523", - "udp.dstport": "53", - "udp.port": "44523", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000126e", - "udp.checksum.status": "2", - "udp.stream": "400" - }, - "dns": { - "dns.response_in": "38836", - "dns.id": "0x000004e4", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 04:33:24.064806000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508499204.064806000", - "frame.time_delta": "0.000597000", - "frame.time_delta_displayed": "0.000597000", - "frame.time_relative": "41491.659602000", - "frame.number": "38836", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - 
"ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00005106", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000067b4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "44523", - "udp.port": "53", - "udp.port": "44523", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "400" - }, - "dns": { - "dns.response_to": "38835", - "dns.time": "0.000597000", - "dns.id": "0x000004e4", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 04:33:24.065754000 PDT", - "frame.offset_shift": 
"0.000000000", - "frame.time_epoch": "1508499204.065754000", - "frame.time_delta": "0.000948000", - "frame.time_delta_displayed": "0.000948000", - "frame.time_relative": "41491.660550000", - "frame.number": "38837", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00009877", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002043", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "44144", - "udp.dstport": "53", - "udp.port": "44144", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00002ee8", - "udp.checksum.status": "2", - "udp.stream": "401" - }, - "dns": { - "dns.response_in": "38838", - "dns.id": "0x000004e5", - "dns.flags": "0x00000100", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 04:33:24.066174000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508499204.066174000", - "frame.time_delta": "0.000420000", - "frame.time_delta_displayed": "0.000420000", - "frame.time_relative": "41491.660970000", - "frame.number": "38838", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00005107", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - 
"ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000067a3", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "44144", - "udp.port": "53", - "udp.port": "44144", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "401" - }, - "dns": { - "dns.response_to": "38837", - "dns.time": "0.000420000", - "dns.id": "0x000004e5", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2988", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 04:37:53.206495000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508499473.206495000", - 
"frame.time_delta": "0.549295000", - "frame.time_delta_displayed": "269.140321000", - "frame.time_relative": "41760.801291000", - "frame.number": "39097", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000dbe6", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000dcd6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "45662", - "udp.dstport": "53", - "udp.port": "45662", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000a673", - "udp.checksum.status": "2", - "udp.stream": "405" - }, - "dns": { - "dns.response_in": "39098", - "dns.id": "0x000004e6", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - 
"dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 04:37:53.212525000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508499473.212525000", - "frame.time_delta": "0.006030000", - "frame.time_delta_displayed": "0.006030000", - "frame.time_relative": "41760.807321000", - "frame.number": "39098", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000808b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - 
"ip.checksum": "0x0000367d", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "45662", - "udp.port": "53", - "udp.port": "45662", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "405" - }, - "dns": { - "dns.response_to": "39097", - "dns.time": "0.006030000", - "dns.id": "0x000004e6", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "121", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "15119", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - 
"e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1090", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1090", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1090", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1090", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1090", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1090", - "dns.resp.len": 
"6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1090", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1090", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1090", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2426", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1119", - "dns.resp.len": "4", - "dns.a": "173.197.192.233" - }, - "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1629", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1825", - "dns.resp.len": "4", - "dns.a": "173.223.52.108" - }, - "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2726", - 
"dns.resp.len": "4", - "dns.a": "209.18.46.217" - }, - "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2470", - "dns.resp.len": "4", - "dns.a": "209.18.46.223" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2308", - "dns.resp.len": "4", - "dns.a": "173.197.192.232" - }, - "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4331", - "dns.resp.len": "4", - "dns.a": "96.17.70.173" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4128", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 04:52:53.219299000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508500373.219299000", - "frame.time_delta": "3.495831000", - "frame.time_delta_displayed": "900.006774000", - "frame.time_relative": "42660.814095000", - "frame.number": "39806", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - 
"eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00005dbd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005b00", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "40448", - "udp.dstport": "53", - "udp.port": "40448", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000bad0", - "udp.checksum.status": "2", - "udp.stream": "409" - }, - "dns": { - "dns.response_in": "39807", - "dns.id": "0x000004e7", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 
04:52:53.225624000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508500373.225624000", - "frame.time_delta": "0.006325000", - "frame.time_delta_displayed": "0.006325000", - "frame.time_relative": "42660.820420000", - "frame.number": "39807", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000ac16", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000af2", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "40448", - "udp.port": "53", - "udp.port": "40448", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "409" - }, - "dns": { - "dns.response_to": "39806", - "dns.time": "0.006325000", 
- "dns.id": "0x000004e7", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "122", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "14219", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": 
"2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "190", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "190", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "190", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "190", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "190", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "190", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "190", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "190", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "190", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1526", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "219", - "dns.resp.len": "4", - "dns.a": "173.197.192.233" - }, - "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "729", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "925", - "dns.resp.len": "4", - "dns.a": "173.223.52.108" - }, - "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1826", - "dns.resp.len": "4", - "dns.a": "209.18.46.217" - }, - "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1570", - "dns.resp.len": "4", - "dns.a": "209.18.46.223" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1408", - "dns.resp.len": "4", - "dns.a": "173.197.192.232" - }, - "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - 
"dns.resp.class": "0x00000001", - "dns.resp.ttl": "3431", - "dns.resp.len": "4", - "dns.a": "96.17.70.173" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3228", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:07:53.234776000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508501273.234776000", - "frame.time_delta": "0.078020000", - "frame.time_delta_displayed": "900.009152000", - "frame.time_relative": "43560.829572000", - "frame.number": "40624", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00006faa", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004913", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56663", - "udp.dstport": "53", - "udp.port": "56663", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x00007b78", - "udp.checksum.status": "2", - "udp.stream": "410" - }, - "dns": { - "dns.response_in": "40625", - "dns.id": "0x000004e8", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:07:53.240805000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508501273.240805000", - "frame.time_delta": "0.006029000", - "frame.time_delta_displayed": "0.006029000", - "frame.time_relative": "43560.835601000", - "frame.number": "40625", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": 
"PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000456f", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007199", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "56663", - "udp.port": "53", - "udp.port": "56663", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "410" - }, - "dns": { - "dns.response_to": "40624", - "dns.time": "0.006029000", - "dns.id": "0x000004e8", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": 
"1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "122", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "13319", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3298", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3298", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3298", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, 
class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3298", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3298", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3298", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3298", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3298", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3298", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "626", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7320", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - 
"n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7830", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "25", - "dns.resp.len": "4", - "dns.a": "173.223.52.108" - }, - "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "926", - "dns.resp.len": "4", - "dns.a": "209.18.46.217" - }, - "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "670", - "dns.resp.len": "4", - "dns.a": "209.18.46.223" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "508", - "dns.resp.len": "4", - "dns.a": "173.197.192.232" - }, - "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2531", - "dns.resp.len": "4", - "dns.a": "96.17.70.173" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2328", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:22:53.251101000 PDT", - "frame.offset_shift": "0.000000000", - 
"frame.time_epoch": "1508502173.251101000", - "frame.time_delta": "2.791011000", - "frame.time_delta_displayed": "900.010296000", - "frame.time_relative": "44460.845897000", - "frame.number": "41391", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000c79b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000f121", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "47619", - "udp.dstport": "53", - "udp.port": "47619", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x00009ecb", - "udp.checksum.status": "2", - "udp.stream": "417" - }, - "dns": { - "dns.response_in": "41392", - "dns.id": "0x000004e9", - "dns.flags": "0x00000100", - "dns.flags_tree": { - 
"dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:22:53.257780000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508502173.257780000", - "frame.time_delta": "0.006679000", - "frame.time_delta_displayed": "0.006679000", - "frame.time_relative": "44460.852576000", - "frame.number": "41392", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00002ab8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": 
"0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008c50", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "47619", - "udp.port": "53", - "udp.port": "47619", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "417" - }, - "dns": { - "dns.response_to": "41391", - "dns.time": "0.006679000", - "dns.id": "0x000004e9", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "122", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "12419", - "dns.resp.len": "22", - "dns.cname": 
"e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2398", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2398", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2398", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2398", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2398", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "2398", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2398", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2398", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2398", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3749", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6420", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6930", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.133": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3133", - "dns.resp.len": "4", - "dns.a": "173.223.52.133" - }, - "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "26", - "dns.resp.len": "4", - "dns.a": "209.18.46.217" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7774", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3612", - "dns.resp.len": "4", - "dns.a": "204.2.166.150" - }, - "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1631", - "dns.resp.len": "4", - "dns.a": "96.17.70.173" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1428", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:33:22.354168000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508502802.354168000", - "frame.time_delta": "7.493030000", - "frame.time_delta_displayed": "629.096388000", - "frame.time_relative": "45089.948964000", - "frame.number": "41927", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, 
- "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00004173", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007747", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "36484", - "udp.dstport": "53", - "udp.port": "36484", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x000031cf", - "udp.checksum.status": "2", - "udp.stream": "422" - }, - "dns": { - "dns.response_in": "41928", - "dns.id": "0x000004ea", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - 
"frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:33:22.356157000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508502802.356157000", - "frame.time_delta": "0.001989000", - "frame.time_delta_displayed": "0.001989000", - "frame.time_relative": "45089.950953000", - "frame.number": "41928", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x00009f4a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001936", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "36484", - "udp.port": "53", - "udp.port": "36484", - "udp.length": "103", - "udp.checksum": "0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "422" - }, - "dns": { - 
"dns.response_to": "41927", - "dns.time": "0.001989000", - "dns.id": "0x000004ea", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1", - "dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": "ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": "300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:33:22.357016000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508502802.357016000", - "frame.time_delta": "0.000859000", - "frame.time_delta_displayed": "0.000859000", - "frame.time_relative": "45089.951812000", - "frame.number": "41929", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00004174", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007746", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "37527", - "udp.dstport": "53", - "udp.port": "37527", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x000048bb", - "udp.checksum.status": "2", - "udp.stream": "423" - }, - "dns": { - "dns.response_in": "41930", - "dns.id": "0x000004eb", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - 
"dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:33:22.358502000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508502802.358502000", - "frame.time_delta": "0.001486000", - "frame.time_delta_displayed": "0.001486000", - "frame.time_relative": "45089.953298000", - "frame.number": "41930", - "frame.len": "285", - "frame.cap_len": "285", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "271", - "ip.id": "0x00009f4b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000018a1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - 
"udp.dstport": "37527", - "udp.port": "53", - "udp.port": "37527", - "udp.length": "251", - "udp.checksum": "0x000082fe", - "udp.checksum.status": "2", - "udp.stream": "423" - }, - "dns": { - "dns.response_to": "41929", - "dns.time": "0.001486000", - "dns.id": "0x000004eb", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "413", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2799", - "dns.resp.len": "10", - "dns.ns": "ns2.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2799", - "dns.resp.len": "6", - "dns.ns": "ns3.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2799", - "dns.resp.len": "6", - "dns.ns": "ns1.ext.philips.com" - } - 
}, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "161051", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "131974", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "131974", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "150229", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "21951", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "21951", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:33:22.769938000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508502802.769938000", - "frame.time_delta": "0.000959000", - "frame.time_delta_displayed": 
"0.411436000", - "frame.time_relative": "45090.364734000", - "frame.number": "41946", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000418a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00007730", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "35698", - "udp.dstport": "53", - "udp.port": "35698", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x000034df", - "udp.checksum.status": "2", - "udp.stream": "424" - }, - "dns": { - "dns.response_in": "41947", - "dns.id": "0x000004ec", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": 
"0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:33:22.770497000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508502802.770497000", - "frame.time_delta": "0.000559000", - "frame.time_delta_displayed": "0.000559000", - "frame.time_relative": "45090.365293000", - "frame.number": "41947", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00009f51", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001969", - "ip.checksum.status": "2", - "ip.src": 
"192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "35698", - "udp.port": "53", - "udp.port": "35698", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "424" - }, - "dns": { - "dns.response_to": "41946", - "dns.time": "0.000559000", - "dns.id": "0x000004ec", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:33:22.771306000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508502802.771306000", - "frame.time_delta": "0.000809000", - "frame.time_delta_displayed": "0.000809000", - "frame.time_relative": "45090.366102000", - "frame.number": "41948", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - 
"eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000418b", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000772f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "59480", - "udp.dstport": "53", - "udp.port": "59480", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000f2f7", - "udp.checksum.status": "2", - "udp.stream": "425" - }, - "dns": { - "dns.response_in": "41949", - "dns.id": "0x000004ed", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - 
"dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:33:22.771826000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508502802.771826000", - "frame.time_delta": "0.000520000", - "frame.time_delta_displayed": "0.000520000", - "frame.time_relative": "45090.366622000", - "frame.number": "41949", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00009f52", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00001958", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": 
"53", - "udp.dstport": "59480", - "udp.port": "53", - "udp.port": "59480", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "425" - }, - "dns": { - "dns.response_to": "41948", - "dns.time": "0.000520000", - "dns.id": "0x000004ed", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "413", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:37:53.266045000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508503073.266045000", - "frame.time_delta": "2.473971000", - "frame.time_delta_displayed": "270.494219000", - "frame.time_relative": "45360.860841000", - "frame.number": "42165", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": 
"Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00006f25", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00004998", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "45073", - "udp.dstport": "53", - "udp.port": "45073", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000a8b8", - "udp.checksum.status": "2", - "udp.stream": "426" - }, - "dns": { - "dns.response_in": "42166", - "dns.id": "0x000004ee", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - 
"_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:37:53.344536000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508503073.344536000", - "frame.time_delta": "0.078491000", - "frame.time_delta_displayed": "0.078491000", - "frame.time_relative": "45360.939332000", - "frame.number": "42166", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000a957", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000db1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "45073", - "udp.port": "53", - "udp.port": "45073", - 
"udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "426" - }, - "dns": { - "dns.response_to": "42165", - "dns.time": "0.078491000", - "dns.id": "0x000004ee", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "300", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "13344", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": 
"184.84.242.27" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1573", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1573", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1573", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1573", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1573", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1573", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1573", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1573", - 
"dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1573", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1109", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1648", - "dns.resp.len": "4", - "dns.a": "96.17.70.173" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4418", - "dns.resp.len": "4", - "dns.a": "173.223.52.131" - }, - "n3b.akamaiedge.net: type A, class IN, addr 209.18.46.223": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "492", - "dns.resp.len": "4", - "dns.a": "209.18.46.223" - }, - "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2893", - "dns.resp.len": "4", - "dns.a": "209.18.46.225" - }, - "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.218": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1445", - "dns.resp.len": "4", - "dns.a": "209.18.46.218" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.133": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1033", - 
"dns.resp.len": "4", - "dns.a": "173.223.52.133" - }, - "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1131", - "dns.resp.len": "4", - "dns.a": "96.17.70.173" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4587", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:52:53.349738000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508503973.349738000", - "frame.time_delta": "0.133221000", - "frame.time_delta_displayed": "900.005202000", - "frame.time_relative": "46260.944534000", - "frame.number": "42899", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00003ed9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - 
"ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000079e4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "37008", - "udp.dstport": "53", - "udp.port": "37008", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000c838", - "udp.checksum.status": "2", - "udp.stream": "430" - }, - "dns": { - "dns.response_in": "42900", - "dns.id": "0x000004ef", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 05:52:53.356337000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508503973.356337000", - "frame.time_delta": "0.006599000", - "frame.time_delta_displayed": "0.006599000", - "frame.time_relative": "46260.951133000", - "frame.number": "42900", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - 
"eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000f284", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c483", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "37008", - "udp.port": "53", - "udp.port": "37008", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "430" - }, - "dns": { - "dns.response_to": "42899", - "dns.time": "0.006599000", - "dns.id": "0x000004ef", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - 
"Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "123", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "10619", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "598", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "598", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - 
"dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "598", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "598", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "598", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "598", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "598", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "598", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "598", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1949", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": 
"n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4620", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5130", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.133": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1333", - "dns.resp.len": "4", - "dns.a": "173.223.52.133" - }, - "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4233", - "dns.resp.len": "4", - "dns.a": "204.2.166.157" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5974", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1812", - "dns.resp.len": "4", - "dns.a": "204.2.166.150" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5834", - "dns.resp.len": "4", - "dns.a": "165.254.157.167" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5629", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, 
- "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:07:53.361739000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508504873.361739000", - "frame.time_delta": "3.522645000", - "frame.time_delta_displayed": "900.005402000", - "frame.time_relative": "47160.956535000", - "frame.number": "43627", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00002003", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000098ba", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "32771", - "udp.dstport": "53", - "udp.port": "32771", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000d8c4", - "udp.checksum.status": "2", 
- "udp.stream": "434" - }, - "dns": { - "dns.response_in": "43628", - "dns.id": "0x000004f0", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:07:53.369270000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508504873.369270000", - "frame.time_delta": "0.007531000", - "frame.time_delta_displayed": "0.007531000", - "frame.time_relative": "47160.964066000", - "frame.number": "43628", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": 
"0x0000dd37", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000d9d0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "32771", - "udp.port": "53", - "udp.port": "32771", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "434" - }, - "dns": { - "dns.response_to": "43627", - "dns.time": "0.007531000", - "dns.id": "0x000004f0", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "126", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": 
"brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "9719", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3700", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3700", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3700", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3700", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3700", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - 
"b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3700", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3700", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3700", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3700", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1049", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3720", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4230", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.133": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "433", - "dns.resp.len": "4", - "dns.a": 
"173.223.52.133" - }, - "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3333", - "dns.resp.len": "4", - "dns.a": "204.2.166.157" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5074", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "912", - "dns.resp.len": "4", - "dns.a": "204.2.166.150" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4934", - "dns.resp.len": "4", - "dns.a": "165.254.157.167" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4729", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:22:53.379501000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508505773.379501000", - "frame.time_delta": "5.573394000", - "frame.time_delta_displayed": "900.010231000", - "frame.time_relative": "48060.974297000", - "frame.number": "44377", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", 
- "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000ea56", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000ce66", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "47638", - "udp.dstport": "53", - "udp.port": "47638", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x00009eb0", - "udp.checksum.status": "2", - "udp.stream": "438" - }, - "dns": { - "dns.response_in": "44378", - "dns.id": "0x000004f1", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": 
"0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:22:53.386242000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508505773.386242000", - "frame.time_delta": "0.006741000", - "frame.time_delta_displayed": "0.006741000", - "frame.time_relative": "48060.981038000", - "frame.number": "44378", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x000016a1", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000a067", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "47638", - 
"udp.port": "53", - "udp.port": "47638", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "438" - }, - "dns": { - "dns.response_to": "44377", - "dns.time": "0.006741000", - "dns.id": "0x000004f1", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "126", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "8819", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "184.84.242.27" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": 
"20", - "dns.resp.len": "4", - "dns.a": "184.84.242.42" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2800", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2800", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2800", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2800", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2800", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2800", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2800", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "2800", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2800", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "149", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2820", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3330", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3537", - "dns.resp.len": "4", - "dns.a": "96.17.70.192" - }, - "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2433", - "dns.resp.len": "4", - "dns.a": "204.2.166.157" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4174", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "12", - "dns.resp.len": "4", - "dns.a": "204.2.166.150" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4034", - "dns.resp.len": "4", - "dns.a": "165.254.157.167" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3829", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:33:22.946788000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508506402.946788000", - "frame.time_delta": "0.766058000", - "frame.time_delta_displayed": "629.560546000", - "frame.time_relative": "48690.541584000", - "frame.number": "44868", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000bdc8", - "ip.flags": "0x00000002", - 
"ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000faf1", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "34522", - "udp.dstport": "53", - "udp.port": "34522", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00003971", - "udp.checksum.status": "2", - "udp.stream": "444" - }, - "dns": { - "dns.response_in": "44869", - "dns.id": "0x000004f2", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:33:22.948908000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508506402.948908000", - "frame.time_delta": "0.002120000", - "frame.time_delta_displayed": "0.002120000", - "frame.time_relative": "48690.543704000", - "frame.number": "44869", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - 
"frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x00005bc7", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005cb9", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "34522", - "udp.port": "53", - "udp.port": "34522", - "udp.length": "103", - "udp.checksum": "0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "444" - }, - "dns": { - "dns.response_to": "44868", - "dns.time": "0.002120000", - "dns.id": "0x000004f2", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - 
"dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "413", - "dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": "ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": "300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:33:22.950083000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508506402.950083000", - "frame.time_delta": "0.001175000", - "frame.time_delta_displayed": "0.001175000", - "frame.time_relative": "48690.544879000", - "frame.number": "44870", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000bdc9", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000faf0", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "33646", - "udp.dstport": "53", - "udp.port": "33646", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x000057dc", - "udp.checksum.status": "2", - "udp.stream": "445" - }, - "dns": { - "dns.response_in": "44871", - "dns.id": "0x000004f3", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:33:22.951622000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508506402.951622000", - "frame.time_delta": "0.001539000", - "frame.time_delta_displayed": "0.001539000", - "frame.time_relative": 
"48690.546418000", - "frame.number": "44871", - "frame.len": "285", - "frame.cap_len": "285", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "271", - "ip.id": "0x00005bc8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005c24", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "33646", - "udp.port": "53", - "udp.port": "33646", - "udp.length": "251", - "udp.checksum": "0x000082fe", - "udp.checksum.status": "2", - "udp.stream": "445" - }, - "dns": { - "dns.response_to": "44870", - "dns.time": "0.001539000", - "dns.id": "0x000004f3", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - 
"dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "413", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2799", - "dns.resp.len": "10", - "dns.ns": "ns1.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2799", - "dns.resp.len": "6", - "dns.ns": "ns3.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2799", - "dns.resp.len": "6", - "dns.ns": "ns2.ext.philips.com" - } - }, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "157451", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - 
"dns.resp.ttl": "128374", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "128374", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "146629", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "18351", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "18351", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:33:23.416488000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508506403.416488000", - "frame.time_delta": "0.000964000", - "frame.time_delta_displayed": "0.464866000", - "frame.time_relative": "48691.011284000", - "frame.number": "44887", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": 
"b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000bddb", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000fade", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "59813", - "udp.dstport": "53", - "udp.port": "59813", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000d6a3", - "udp.checksum.status": "2", - "udp.stream": "446" - }, - "dns": { - "dns.response_in": "44888", - "dns.id": "0x000004f4", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": 
"packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:33:23.416961000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508506403.416961000", - "frame.time_delta": "0.000473000", - "frame.time_delta_displayed": "0.000473000", - "frame.time_relative": "48691.011757000", - "frame.number": "44888", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x00005bce", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005cec", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "59813", - "udp.port": "53", - "udp.port": "59813", - "udp.length": "45", 
- "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "446" - }, - "dns": { - "dns.response_to": "44887", - "dns.time": "0.000473000", - "dns.id": "0x000004f4", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:33:23.417890000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508506403.417890000", - "frame.time_delta": "0.000929000", - "frame.time_delta_displayed": "0.000929000", - "frame.time_relative": "48691.012686000", - "frame.number": "44889", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - 
"eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000bddc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000fadd", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "44681", - "udp.dstport": "53", - "udp.port": "44681", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00002cbf", - "udp.checksum.status": "2", - "udp.stream": "447" - }, - "dns": { - "dns.response_in": "44890", - "dns.id": "0x000004f5", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:33:23.418452000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508506403.418452000", - "frame.time_delta": "0.000562000", - 
"frame.time_delta_displayed": "0.000562000", - "frame.time_relative": "48691.013248000", - "frame.number": "44890", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x00005bcf", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00005cdb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "44681", - "udp.port": "53", - "udp.port": "44681", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "447" - }, - "dns": { - "dns.response_to": "44889", - "dns.time": "0.000562000", - "dns.id": "0x000004f5", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - 
"dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "412", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:37:53.397275000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508506673.397275000", - "frame.time_delta": "0.977714000", - "frame.time_delta_displayed": "269.978823000", - "frame.time_relative": "48960.992071000", - "frame.number": "45164", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - 
"ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x0000f463", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000c459", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53189", - "udp.dstport": "53", - "udp.port": "53189", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x000088fc", - "udp.checksum.status": "2", - "udp.stream": "449" - }, - "dns": { - "dns.response_in": "45165", - "dns.id": "0x000004f6", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:37:53.407078000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508506673.407078000", - "frame.time_delta": "0.009803000", - "frame.time_delta_displayed": "0.009803000", - "frame.time_relative": 
"48961.001874000", - "frame.number": "45165", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000adc8", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00000940", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "53189", - "udp.port": "53", - "udp.port": "53189", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "449" - }, - "dns": { - "dns.response_to": "45164", - "dns.time": "0.009803000", - "dns.id": "0x000004f6", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - 
"dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "127", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7919", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1900", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - 
"dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1900", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1900", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1900", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1900", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1900", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1900", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1900", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1900", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class 
IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3256", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1920", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2430", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2637", - "dns.resp.len": "4", - "dns.a": "96.17.70.192" - }, - "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1533", - "dns.resp.len": "4", - "dns.a": "204.2.166.157" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3274", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3115", - "dns.resp.len": "4", - "dns.a": "96.17.70.188" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3134", - "dns.resp.len": "4", - "dns.a": "165.254.157.167" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - 
"dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2929", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:52:53.416716000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508507573.416716000", - "frame.time_delta": "1.378707000", - "frame.time_delta_displayed": "900.009638000", - "frame.time_relative": "49861.011512000", - "frame.number": "45902", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x000028c2", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00008ffb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": 
"192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53544", - "udp.dstport": "53", - "udp.port": "53544", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x00008798", - "udp.checksum.status": "2", - "udp.stream": "454" - }, - "dns": { - "dns.response_in": "45903", - "dns.id": "0x000004f7", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 06:52:53.422982000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508507573.422982000", - "frame.time_delta": "0.006266000", - "frame.time_delta_displayed": "0.006266000", - "frame.time_relative": "49861.017778000", - "frame.number": "45903", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - 
"eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000f786", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bf81", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "53544", - "udp.port": "53", - "udp.port": "53544", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "454" - }, - "dns": { - "dns.response_to": "45902", - "dns.time": "0.006266000", - "dns.id": "0x000004f7", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", 
- "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "127", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7019", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1000", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1000", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1000", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1000", - "dns.resp.len": "6", - 
"dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1000", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1000", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1000", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1000", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1000", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2356", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1020", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1530", - 
"dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1737", - "dns.resp.len": "4", - "dns.a": "96.17.70.192" - }, - "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "633", - "dns.resp.len": "4", - "dns.a": "204.2.166.157" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2374", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2215", - "dns.resp.len": "4", - "dns.a": "96.17.70.188" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2234", - "dns.resp.len": "4", - "dns.a": "165.254.157.167" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2029", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 07:07:53.431212000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508508473.431212000", - "frame.time_delta": "2.092085000", - "frame.time_delta_displayed": "900.008230000", - "frame.time_relative": "50761.026008000", - "frame.number": 
"46613", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00000dff", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000aabe", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "34206", - "udp.dstport": "53", - "udp.port": "34206", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000d321", - "udp.checksum.status": "2", - "udp.stream": "458" - }, - "dns": { - "dns.response_in": "46614", - "dns.id": "0x000004f8", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - 
"dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 07:07:53.437633000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508508473.437633000", - "frame.time_delta": "0.006421000", - "frame.time_delta_displayed": "0.006421000", - "frame.time_relative": "50761.032429000", - "frame.number": "46614", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00004f64", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x000067a4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": 
"192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "34206", - "udp.port": "53", - "udp.port": "34206", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "458" - }, - "dns": { - "dns.response_to": "46613", - "dns.time": "0.006421000", - "dns.id": "0x000004f8", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "127", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6119", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": 
"0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "100", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "100", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "100", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "100", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "100", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "100", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - 
"dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "100", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "100", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "100", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1456", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "120", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "630", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "837", - "dns.resp.len": "4", - "dns.a": "96.17.70.192" - }, - "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.207": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5740", - "dns.resp.len": "4", - "dns.a": "198.172.88.207" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n5b.akamaiedge.net", - 
"dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1474", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1315", - "dns.resp.len": "4", - "dns.a": "96.17.70.188" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1334", - "dns.resp.len": "4", - "dns.a": "165.254.157.167" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "1129", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 07:22:53.445298000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508509373.445298000", - "frame.time_delta": "4.162550000", - "frame.time_delta_displayed": "900.007665000", - "frame.time_relative": "51661.040094000", - "frame.number": "47529", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - 
"eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00001618", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000a2a5", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "37517", - "udp.dstport": "53", - "udp.port": "37517", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x0000c631", - "udp.checksum.status": "2", - "udp.stream": "459" - }, - "dns": { - "dns.response_in": "47530", - "dns.id": "0x000004f9", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 07:22:53.451560000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508509373.451560000", - "frame.time_delta": "0.006262000", - 
"frame.time_delta_displayed": "0.006262000", - "frame.time_relative": "51661.046356000", - "frame.number": "47530", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x0000879c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00002f6c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "37517", - "udp.port": "53", - "udp.port": "37517", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "459" - }, - "dns": { - "dns.response_to": "47529", - "dns.time": "0.006262000", - "dns.id": "0x000004f9", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - 
"dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "127", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5219", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3203", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - 
"b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3203", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3203", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3203", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3203", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3203", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3203", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3203", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3203", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - } - 
}, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "556", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7221", - "dns.resp.len": "4", - "dns.a": "96.17.70.191" - }, - "n2b.akamaiedge.net: type A, class IN, addr 165.254.146.244": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7733", - "dns.resp.len": "4", - "dns.a": "165.254.146.244" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3938", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.207": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4840", - "dns.resp.len": "4", - "dns.a": "198.172.88.207" - }, - "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "574", - "dns.resp.len": "4", - "dns.a": "204.2.166.158" - }, - "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "415", - "dns.resp.len": "4", - "dns.a": "96.17.70.188" - }, - "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "434", - "dns.resp.len": "4", - "dns.a": "165.254.157.167" - }, - 
"a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "229", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 07:33:23.445057000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508510003.445057000", - "frame.time_delta": "7.984590000", - "frame.time_delta_displayed": "629.993497000", - "frame.time_relative": "52291.039853000", - "frame.number": "48058", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000fb5d", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bd5c", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": 
"192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "54194", - "udp.dstport": "53", - "udp.port": "54194", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000ec90", - "udp.checksum.status": "2", - "udp.stream": "463" - }, - "dns": { - "dns.response_in": "48059", - "dns.id": "0x000004fa", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 07:33:23.447069000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508510003.447069000", - "frame.time_delta": "0.002012000", - "frame.time_delta_displayed": "0.002012000", - "frame.time_relative": "52291.041865000", - "frame.number": "48059", - "frame.len": "137", - "frame.cap_len": "137", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - 
"eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "123", - "ip.id": "0x000001dc", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b6a4", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "54194", - "udp.port": "53", - "udp.port": "54194", - "udp.length": "103", - "udp.checksum": "0x0000826a", - "udp.checksum.status": "2", - "udp.stream": "463" - }, - "dns": { - "dns.response_to": "48058", - "dns.time": "0.002012000", - "dns.id": "0x000004fa", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "1", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type 
SOA, class IN, mname ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "6", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "412", - "dns.resp.len": "46", - "dns.soa.mname": "ns1.ext.philips.com", - "dns.soa.rname": "ddi-authority.philips.com", - "dns.soa.serial_number": "387", - "dns.soa.refresh_interval": "1200", - "dns.soa.retry_interval": "300", - "dns.soa.expire_limit": "1209600", - "dns.soa.mininum_ttl": "3600" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 07:33:23.447897000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508510003.447897000", - "frame.time_delta": "0.000828000", - "frame.time_delta_displayed": "0.000828000", - "frame.time_relative": "52291.042693000", - "frame.number": "48060", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000fb5e", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": 
"17", - "ip.checksum": "0x0000bd5b", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "35295", - "udp.dstport": "53", - "udp.port": "35295", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00005163", - "udp.checksum.status": "2", - "udp.stream": "464" - }, - "dns": { - "dns.response_in": "48061", - "dns.id": "0x000004fb", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 07:33:23.449477000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508510003.449477000", - "frame.time_delta": "0.001580000", - "frame.time_delta_displayed": "0.001580000", - "frame.time_relative": "52291.044273000", - "frame.number": "48061", - "frame.len": "285", - "frame.cap_len": "285", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": 
"PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "271", - "ip.id": "0x000001dd", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b60f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "35295", - "udp.port": "53", - "udp.port": "35295", - "udp.length": "251", - "udp.checksum": "0x000082fe", - "udp.checksum.status": "2", - "udp.stream": "464" - }, - "dns": { - "dns.response_to": "48060", - "dns.time": "0.001580000", - "dns.id": "0x000004fb", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "3", - "dns.count.add_rr": "6", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": 
"dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "412", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - }, - "Authoritative nameservers": { - "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2798", - "dns.resp.len": "10", - "dns.ns": "ns2.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2798", - "dns.resp.len": "6", - "dns.ns": "ns3.ext.philips.com" - }, - "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { - "dns.resp.name": "cpp.philips.com", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2798", - "dns.resp.len": "6", - "dns.ns": "ns1.ext.philips.com" - } - }, - "Additional records": { - "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "153850", - "dns.resp.len": "4", - "dns.a": "57.67.40.20" - }, - "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "124773", - "dns.resp.len": "4", - "dns.a": "57.77.21.76" - }, - "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "124773", - "dns.resp.len": "4", - "dns.a": "57.73.36.68" - }, - "ns1.ext.philips.com: type AAAA, class IN, addr 
2a01:ce89:8001::57:67:40:20": { - "dns.resp.name": "ns1.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "143028", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce89:8001::57:67:40:20" - }, - "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { - "dns.resp.name": "ns2.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "14750", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" - }, - "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { - "dns.resp.name": "ns3.ext.philips.com", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "14750", - "dns.resp.len": "16", - "dns.aaaa": "2a01:ce9d:1::57:73:36:68" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 07:33:23.865101000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508510003.865101000", - "frame.time_delta": "0.001627000", - "frame.time_delta_displayed": "0.415624000", - "frame.time_relative": "52291.459897000", - "frame.number": "48078", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - 
"ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000fb69", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bd50", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "56468", - "udp.dstport": "53", - "udp.port": "56468", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x0000e3ac", - "udp.checksum.status": "2", - "udp.stream": "465" - }, - "dns": { - "dns.response_in": "48079", - "dns.id": "0x000004fc", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 07:33:23.865672000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508510003.865672000", - "frame.time_delta": "0.000571000", - "frame.time_delta_displayed": "0.000571000", - "frame.time_relative": 
"52291.460468000", - "frame.number": "48079", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x000001de", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b6dc", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "56468", - "udp.port": "53", - "udp.port": "56468", - "udp.length": "45", - "udp.checksum": "0x00008230", - "udp.checksum.status": "2", - "udp.stream": "465" - }, - "dns": { - "dns.response_to": "48078", - "dns.time": "0.000571000", - "dns.id": "0x000004fc", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": 
"1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type AAAA, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "28", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 07:33:23.866499000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508510003.866499000", - "frame.time_delta": "0.000827000", - "frame.time_delta_displayed": "0.000827000", - "frame.time_relative": "52291.461295000", - "frame.number": "48080", - "frame.len": "79", - "frame.cap_len": "79", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "65", - "ip.id": "0x0000fb6a", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - 
"ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000bd4f", - "ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "42815", - "udp.dstport": "53", - "udp.port": "42815", - "udp.port": "53", - "udp.length": "45", - "udp.checksum": "0x00003401", - "udp.checksum.status": "2", - "udp.stream": "466" - }, - "dns": { - "dns.response_in": "48081", - "dns.id": "0x000004fd", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - "dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 07:33:23.867228000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508510003.867228000", - "frame.time_delta": "0.000729000", - "frame.time_delta_displayed": "0.000729000", - "frame.time_relative": "52291.462024000", - "frame.number": "48081", - "frame.len": "95", - "frame.cap_len": "95", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - 
"eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "81", - "ip.id": "0x000001df", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000b6cb", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "42815", - "udp.port": "53", - "udp.port": "42815", - "udp.length": "61", - "udp.checksum": "0x00008240", - "udp.checksum.status": "2", - "udp.stream": "466" - }, - "dns": { - "dns.response_to": "48080", - "dns.time": "0.000729000", - "dns.id": "0x000004fd", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "1", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "dcp.cpp.philips.com: type A, class IN": { - 
"dns.qry.name": "dcp.cpp.philips.com", - "dns.qry.name.len": "19", - "dns.count.labels": "4", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { - "dns.resp.name": "dcp.cpp.philips.com", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "412", - "dns.resp.len": "4", - "dns.a": "5.79.62.93" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 07:37:53.461226000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508510273.461226000", - "frame.time_delta": "5.280384000", - "frame.time_delta_displayed": "269.593998000", - "frame.time_relative": "52561.056022000", - "frame.number": "48304", - "frame.len": "76", - "frame.cap_len": "76", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.dst_tree": { - "eth.dst_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "00:17:88:69:ee:e4", - "eth.src_tree": { - "eth.src_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", - "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "62", - "ip.id": "0x00000e4c", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x0000aa71", - 
"ip.checksum.status": "2", - "ip.src": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.src_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "ip.dst": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.dst_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "49801", - "udp.dstport": "53", - "udp.port": "49801", - "udp.port": "53", - "udp.length": "42", - "udp.checksum": "0x00009630", - "udp.checksum.status": "2", - "udp.stream": "467" - }, - "dns": { - "dns.response_in": "48305", - "dns.id": "0x000004fe", - "dns.flags": "0x00000100", - "dns.flags_tree": { - "dns.flags.response": "0", - "dns.flags.opcode": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.z": "0", - "dns.flags.checkdisable": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "0", - "dns.count.auth_rr": "0", - "dns.count.add_rr": "0", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": "3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - } - } - } - } - } - , - { - "_index": "packets-2017-10-26", - "_type": "pcap_file", - "_score": null, - "_source": { - "layers": { - "frame": { - "frame.encap_type": "1", - "frame.time": "Oct 20, 2017 07:37:53.467660000 PDT", - "frame.offset_shift": "0.000000000", - "frame.time_epoch": "1508510273.467660000", - "frame.time_delta": "0.006434000", - "frame.time_delta_displayed": "0.006434000", - "frame.time_relative": "52561.062456000", - "frame.number": "48305", - "frame.len": "513", - "frame.cap_len": "513", - "frame.marked": "0", - "frame.ignored": "0", - "frame.protocols": "eth:ethertype:ip:udp:dns", - "frame.coloring_rule.name": "UDP", - "frame.coloring_rule.string": "udp" - }, - "eth": { - "eth.dst": "00:17:88:69:ee:e4", - "eth.dst_tree": { - "eth.dst_resolved": "PhilipsL_69:ee:e4", - "eth.addr": "00:17:88:69:ee:e4", 
- "eth.addr_resolved": "PhilipsL_69:ee:e4", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.src": "b0:b9:8a:73:69:8e", - "eth.src_tree": { - "eth.src_resolved": "Netgear_73:69:8e", - "eth.addr": "b0:b9:8a:73:69:8e", - "eth.addr_resolved": "Netgear_73:69:8e", - "eth.lg": "0", - "eth.ig": "0" - }, - "eth.type": "0x00000800" - }, - "ip": { - "ip.version": "4", - "ip.hdr_len": "20", - "ip.dsfield": "0x00000000", - "ip.dsfield_tree": { - "ip.dsfield.dscp": "0", - "ip.dsfield.ecn": "0" - }, - "ip.len": "499", - "ip.id": "0x00001912", - "ip.flags": "0x00000002", - "ip.flags_tree": { - "ip.flags.rb": "0", - "ip.flags.df": "1", - "ip.flags.mf": "0" - }, - "ip.frag_offset": "0", - "ip.ttl": "64", - "ip.proto": "17", - "ip.checksum": "0x00009df6", - "ip.checksum.status": "2", - "ip.src": "192.168.0.1", - "ip.addr": "192.168.0.1", - "ip.src_host": "192.168.0.1", - "ip.host": "192.168.0.1", - "ip.dst": "192.168.0.160", - "ip.addr": "192.168.0.160", - "ip.dst_host": "192.168.0.160", - "ip.host": "192.168.0.160", - "Source GeoIP: Unknown": "", - "Destination GeoIP: Unknown": "" - }, - "udp": { - "udp.srcport": "53", - "udp.dstport": "49801", - "udp.port": "53", - "udp.port": "49801", - "udp.length": "479", - "udp.checksum": "0x000083e2", - "udp.checksum.status": "2", - "udp.stream": "467" - }, - "dns": { - "dns.response_to": "48304", - "dns.time": "0.006434000", - "dns.id": "0x000004fe", - "dns.flags": "0x00008180", - "dns.flags_tree": { - "dns.flags.response": "1", - "dns.flags.opcode": "0", - "dns.flags.authoritative": "0", - "dns.flags.truncated": "0", - "dns.flags.recdesired": "1", - "dns.flags.recavail": "1", - "dns.flags.z": "0", - "dns.flags.authenticated": "0", - "dns.flags.checkdisable": "0", - "dns.flags.rcode": "0" - }, - "dns.count.queries": "1", - "dns.count.answers": "4", - "dns.count.auth_rr": "9", - "dns.count.add_rr": "9", - "Queries": { - "www2.meethue.com: type A, class IN": { - "dns.qry.name": "www2.meethue.com", - "dns.qry.name.len": "16", - "dns.count.labels": 
"3", - "dns.qry.type": "1", - "dns.qry.class": "0x00000001" - } - }, - "Answers": { - "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { - "dns.resp.name": "www2.meethue.com", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "128", - "dns.resp.len": "41", - "dns.cname": "brands.lighting.philips.com.edgekey.net" - }, - "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { - "dns.resp.name": "brands.lighting.philips.com.edgekey.net", - "dns.resp.type": "5", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "4319", - "dns.resp.len": "22", - "dns.cname": "e15361.b.akamaiedge.net" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.125" - }, - "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { - "dns.resp.name": "e15361.b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "20", - "dns.resp.len": "4", - "dns.a": "173.223.52.112" - } - }, - "Authoritative nameservers": { - "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2303", - "dns.resp.len": "6", - "dns.ns": "n6b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2303", - "dns.resp.len": "6", - "dns.ns": "n2b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2303", - "dns.resp.len": "6", - "dns.ns": "a0b.akamaiedge.net" - }, - 
"b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2303", - "dns.resp.len": "6", - "dns.ns": "n4b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2303", - "dns.resp.len": "6", - "dns.ns": "n5b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2303", - "dns.resp.len": "6", - "dns.ns": "n1b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2303", - "dns.resp.len": "6", - "dns.ns": "n7b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2303", - "dns.resp.len": "6", - "dns.ns": "n3b.akamaiedge.net" - }, - "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { - "dns.resp.name": "b.akamaiedge.net", - "dns.resp.type": "2", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "2303", - "dns.resp.len": "6", - "dns.ns": "n0b.akamaiedge.net" - } - }, - "Additional records": { - "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { - "dns.resp.name": "n0b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3658", - "dns.resp.len": "4", - "dns.a": "88.221.81.192" - }, - "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { - "dns.resp.name": "n1b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6321", - "dns.resp.len": "4", - "dns.a": 
"96.17.70.191" - }, - "n2b.akamaiedge.net: type A, class IN, addr 165.254.146.244": { - "dns.resp.name": "n2b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "6833", - "dns.resp.len": "4", - "dns.a": "165.254.146.244" - }, - "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { - "dns.resp.name": "n3b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3038", - "dns.resp.len": "4", - "dns.a": "173.223.52.109" - }, - "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.207": { - "dns.resp.name": "n4b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3940", - "dns.resp.len": "4", - "dns.a": "198.172.88.207" - }, - "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { - "dns.resp.name": "n5b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "7681", - "dns.resp.len": "4", - "dns.a": "173.223.52.131" - }, - "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.133": { - "dns.resp.name": "n6b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "3520", - "dns.resp.len": "4", - "dns.a": "173.223.52.133" - }, - "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { - "dns.resp.name": "n7b.akamaiedge.net", - "dns.resp.type": "1", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5538", - "dns.resp.len": "4", - "dns.a": "204.1.137.41" - }, - "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { - "dns.resp.name": "a0b.akamaiedge.net", - "dns.resp.type": "28", - "dns.resp.class": "0x00000001", - "dns.resp.ttl": "5335", - "dns.resp.len": "16", - "dns.aaaa": "2600:1480:e800::c0" - } - } - } - } - } - } -] diff --git a/extract_from_tshark.py b/extract_from_tshark.py deleted file mode 100644 index 5704a97..0000000 --- a/extract_from_tshark.py +++ /dev/null 
@@ -1,176 +0,0 @@
-#!/usr/bin/python
-
-"""
-Script used to extract only the needed information from JSON packet traces generated by
-tshark from PCAPNG format
-"""
-
-import os, sys
-import json
-import uuid
-
-from collections import OrderedDict
-
-json_key_source = "_source"
-json_key_layers = "layers"
-
-json_key_ip = "ip"
-json_key_tcp = "tcp"
-
-json_key_http = "http"
-json_key_method = "method"
-json_key_uri = "uri"
-json_key_headers = "headers"
-json_key_host = "host"
-
-json_key_http_req = json_key_http + ".request."
-json_key_http_req_method = json_key_http_req + json_key_method
-json_key_http_req_uri = json_key_http_req + json_key_uri
-json_key_http_req_line = json_key_http_req + "line"
-
-json_key_pkt_comment = "pkt_comment"
-
-json_key_frame = "frame"
-json_key_frame_num = json_key_frame + ".number"
-json_key_frame_comment = json_key_frame + ".comment"
-json_key_frame_ts = json_key_frame + ".time_epoch"
-
-
-JSON_KEY_ETH = "eth"
-JSON_KEY_ETH_SRC = "eth.src"
-JSON_KEY_ETH_DST = "eth.dst"
-
-
-def make_unique(key, dct):
- counter = 0
- unique_key = key
-
- while unique_key in dct:
- counter += 1
- unique_key = '{}_{}'.format(key, counter)
- return unique_key
-
-
-def parse_object_pairs(pairs):
- dct = OrderedDict()
- for key, value in pairs:
- if key in dct:
- key = make_unique(key, dct)
- dct[key] = value
-
- return dct
-
-def change_file(fpath):
- for fn in os.listdir(fpath):
- full_path = fpath + '/' + fn
-
- # Recursively go through all directories
- if os.path.isdir(full_path):
- change_file(full_path)
- continue
-
- print full_path
- with open(full_path, "r+") as jf:
- # Since certain json 'keys' appear multiple times in our data, we have to make them
- # unique first (we can't use regular json.load() or we lose some data points). From:
- # https://stackoverflow.com/questions/29321677/python-json-parser-allow-duplicate-keys
- decoder = json.JSONDecoder(object_pairs_hook=parse_object_pairs)
- pcap_data = decoder.decode(jf.read())
-
- # Prepare new data structure for re-formatted JSON storage
- data = {}
- for packet in pcap_data:
- layers = packet[json_key_source][json_key_layers]
-
- # All captured traffic should have a frame + frame number, but check anyway
- frame_num = " Frame: "
- if json_key_frame not in layers or json_key_frame_num not in layers[json_key_frame]:
- print "WARNING: could not find frame number! Using -1..."
- frame_num = frame_num + "-1"
- else:
- # Save frame number for error-reporting
- frame_num = frame_num + layers[json_key_frame][json_key_frame_num]
-
- # All captured traffic should be IP, but check anyway
- if not json_key_ip in layers:
- print "WARNING: Non-IP traffic detected!" + frame_num
- continue
-
- # For now, focus on HTTP only
- if json_key_tcp not in layers or json_key_http not in layers:
- continue
-
- # Fill our new JSON packet with TCP/IP info
- new_packet = {}
- new_packet["dst_ip"] = layers[json_key_ip][json_key_ip + ".dst"]
- new_packet["dst_port"] = int(layers[json_key_tcp][json_key_tcp + ".dstport"])
-
- # JV: Also include src so we can see what device initiates the traffic
- new_packet["src_ip"] = layers[json_key_ip][json_key_ip + ".src"]
- new_packet["src_port"] = int(layers[json_key_tcp][json_key_tcp + ".srcport"])
- #JV: Also include eth soure/destination info so that we can map traffic to physical device using MAC
- new_packet[JSON_KEY_ETH_SRC] = layers[JSON_KEY_ETH][JSON_KEY_ETH_SRC]
- new_packet[JSON_KEY_ETH_DST] = layers[JSON_KEY_ETH][JSON_KEY_ETH_DST]
-
- # Go through all HTTP fields and extract the ones that are needed
- http_data = layers[json_key_http]
- for http_key in http_data:
- http_value = http_data[http_key]
-
- if http_key.startswith(json_key_http_req_line):
- header_line = http_value.split(":", 1)
- if len(header_line) != 2:
- print ("WARNING: could not parse header '" + str(header_line) + "'"
- + frame_num)
- continue
-
- # Prepare container for HTTP headers
- if json_key_headers not in new_packet:
- new_packet[json_key_headers] = {}
-
- # Use lower case for header keys to stay consistent with our other data
- header_key = header_line[0].lower()
-
- # Remove the trailing carriage return
- header_val = header_line[1].strip()
-
- # Save the header key-value pair
- new_packet[json_key_headers][header_key] = header_val
-
- # If this is the host header, we also save it to the main object
- if header_key == json_key_host:
- new_packet[json_key_host] = header_val
-
- if json_key_http_req_method in http_value:
- new_packet[json_key_method] = http_value[json_key_http_req_method]
- if json_key_http_req_uri in http_value:
- new_packet[json_key_uri] = http_value[json_key_http_req_uri]
-
- # End of HTTP parsing
-
- # Check that we found the minimum needed HTTP headers
- if (json_key_uri not in new_packet or json_key_method not in new_packet or
- json_key_host not in new_packet):
- print "Missing some HTTP Headers!" + frame_num
- continue
-
- # Extract timestamp
- if json_key_frame_ts not in layers[json_key_frame]:
- print "WARNING: could not find timestamp!" + frame_num
- continue
-
- new_packet["ts"] = layers[json_key_frame][json_key_frame_ts]
-
- # Create a unique key for each packet to keep consistent with ReCon
- # Also good in case packets end up in different files
- data[str(uuid.uuid4())] = new_packet
-
- # Write the new data
- #print json.dumps(data, sort_keys=True, indent=4)
- jf.seek(0)
- jf.write(json.dumps(data, sort_keys=True, indent=4))
- jf.truncate()
-
-if __name__ == '__main__':
- # Needed to re-use some JSON keys
- change_file(sys.argv[1])
\ No newline at end of file
diff --git a/generated-graph-sample.gexf b/generated-graph-sample.gexf
deleted file mode 100644
index 33f9f54..0000000
--- a/generated-graph-sample.gexf
+++ /dev/null
@@ -1,23 +0,0 @@ - - - - - NetworkX 2.0 - 05/11/2017 - - - - - - - - - - - - - - - - - diff --git a/gexf/generated-graph-sample.gexf b/gexf/generated-graph-sample.gexf new file mode 100644 index 0000000..33f9f54 --- /dev/null +++ b/gexf/generated-graph-sample.gexf @@ -0,0 +1,23 @@ + + + + + NetworkX 2.0 + 05/11/2017 + + + + + + + + + + + + + + + + + diff --git a/http.json b/http.json deleted file mode 100644 index 5919871..0000000 --- a/http.json +++ /dev/null 
@@ -1,1427 +0,0 @@ -{ - "0018c361-c05b-462b-80fd-924d0d90110f": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"74\", Nonce=\"5uz+9xSbrsC2F9UIj3EnlQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"U77HA2bdom8FQeQHHjOBKw==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45243, - "ts": "1508502803.048797000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "06c3f251-5dd2-429f-840c-7cee46775c08": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"51\", Nonce=\"IDqv9WAPICxSF9UIgYzuNQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"HO0GNANgmPqD3EsKDz11CQ==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45175, - "ts": "1508463201.902797000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "109a8616-e01e-47b1-a381-dc10de5c50a1": { - "dst_ip": "5.79.62.93", - "dst_port": 
80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"67\", Nonce=\"OeXj2KpCdTmVF9UIH/fp1g==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"v7WnBnxyc0rL6zBViUZt3Q==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45224, - "ts": "1508492002.667066000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "1146dff1-5bec-4a75-a7be-8e0607e2d79b": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"59\", Nonce=\"IIRRXKWHaLNzF9UIafRhqA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"Mb84RTuO7v9NBZI4u2KVow==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45199, - "ts": "1508477602.251054000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "17203fc4-cc9c-4ddc-b75d-828dadcd5707": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": 
"*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56971, - "ts": "1508500993.884194000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "1d146b55-7395-435d-8e03-d8747f6fc3ca": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56611, - "ts": "1508469852.249587000", - "uri": "/description.xml" - }, - "1ea946a4-e4a6-4fa5-927e-4603e47d6251": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56609, - "ts": "1508469851.936530000", - "uri": "/description.xml" - }, - "1f73b3b1-a13d-499c-8df9-32873a7c340e": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56968, - "ts": "1508500992.947109000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "21088abf-df7d-45e8-a028-edd22a383f65": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"63\", Nonce=\"0n/qkGVhjHaEF9UIbD9C0w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", 
Authentication=\"a7dKjQVsYpg5YH/p9UfqmQ==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45212, - "ts": "1508484803.583720000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "215520aa-f1ea-4129-83c5-155fa84aa219": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56701, - "ts": "1508477534.895063000", - "uri": "/description.xml" - }, - "297939f9-7e43-48ba-b44c-f05d590fac2f": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"72\", Nonce=\"jwevBP0xoV+uF9UI3sJnlA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"GCdNlUt1IhjIKFkIuQ8V8g==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45237, - "ts": "1508499204.343328000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "2aa32fd9-ca8e-4ec4-9ef7-0e56a508ce51": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": 
"192.168.0.227", - "src_port": 56538, - "ts": "1508463913.265019000", - "uri": "/description.xml" - }, - "2cecaffd-d363-401d-9b6f-1ca89d2b350b": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"60\", Nonce=\"T8McgxJ9HBR8F9UIHQxr3A==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"pB8wKvl1l7ugOuNTTS9oxQ==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45200, - "ts": "1508477602.669084000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "2f197b06-d092-427f-a92a-ba9b247e73d6": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 57055, - "ts": "1508509044.965021000", - "uri": "/description.xml" - }, - "3010efcb-45f8-43fc-9443-8a3ba838ee9f": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56540, - "ts": "1508463914.137918000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "3236af6d-4542-4257-9087-bafcbbdb5de9": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": 
"68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56879, - "ts": "1508493119.264807000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "3acd5f57-061a-474b-bb89-5b65f5e549d3": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 57062, - "ts": "1508509045.921481000", - "uri": "/description.xml" - }, - "3c1ba96c-4e39-439b-9ada-e6c66f6e0e7f": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 57072, - "ts": "1508509214.456013000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "3f95a4d2-9586-430c-a002-616896328da3": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"57\", Nonce=\"UKDWAA1aUlFrF9UItdlMsw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"PdwZCCElcnhZG70H7kTWtg==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45193, - "ts": "1508474003.675549000", - "uri": 
"/DcpRequestHandler/index.ashx" - }, - "4b7c4441-ee52-4167-a7e3-f9b196e31cf2": { - "dst_ip": "130.211.67.12", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "connection": "close", - "content-type": "text/plain", - "host": "diagnostics.meethue.com:80", - "transfer-encoding": "chunked" - }, - "host": "diagnostics.meethue.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 54159, - "ts": "1508461977.224826000", - "uri": "/bridges/fullconfig?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a2909c62693157c503a676c182a44daf78ddae30900de525cad753035de299958db2121a4284346b74371c889cfc5df609cb33d126e3051871163f5d767a9d53b72ae6e8901db39b90d2247db5cb734db1b8f18c37bfc23ed6091359629f8c68074ea0d7377c6da7b5b88bccda18a2e137e29f0bab89d64d94c2524b639e5712061b&i=e11f3860cfb5d8a0e502583853950fb6&auth=f66de122ea23c53e85a152b1be18131517dddef7" - }, - "503b740d-2377-4ab3-b1c0-318522744453": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"55\", Nonce=\"LDg3BhU5Mu9iF9UIehwGlA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"yoodQRhNNMKwd6zmaU7QuA==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45187, - "ts": "1508470403.122955000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "515d8cf7-1847-4ac5-a62d-9fb279703109": { - "dst_ip": 
"192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56697, - "ts": "1508477533.624722000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "5247061a-0a8d-4bc5-a7a5-71f86862d3e1": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"66\", Nonce=\"bSBJ+8tVRzmVF9UI+DCyBw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rLf0EDCXW2dxHEFY/c0lzg==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45219, - "ts": "1508488402.457324000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "54753c2d-6229-405d-8cbd-b54c2d464099": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56612, - "ts": "1508469853.385023000", - "uri": "/description.xml" - }, - "562394f8-b1da-4002-9ad4-822c09bee722": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"52\", Nonce=\"+prNMq//zoxaF9UIAX4cmA==\", 
SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"PD/HP4NMadOITSv65W1NVQ==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45176, - "ts": "1508463202.320736000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "58c45fe4-76f3-4b37-a318-32c55384cc82": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"65\", Nonce=\"YbFoE9OcpdiMF9UI5i3Sxg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"2+jvV9CpnWbrY7RxSfhszw==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45218, - "ts": "1508488402.036753000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "5d624b10-ff7e-4134-a095-ebb132041283": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56537, - "ts": "1508463913.049301000", - "uri": 
"/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "5fc69874-d257-4986-8e73-81fe63d58a58": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56970, - "ts": "1508500993.744272000", - "uri": "/description.xml" - }, - "6134fa96-2d71-4749-ab82-c9680631966d": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"49\", Nonce=\"pjd9TR/COapKF9UIvgMIbg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"cWIdFvlc1zTaM1lRh+sG1w==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45168, - "ts": "1508459603.327754000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "640baacd-ba1a-46ba-925f-1e7459564989": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56539, - "ts": "1508463913.918475000", - "uri": "/description.xml" - }, - "6518d1b2-1015-4ec9-95ee-77e9830e115a": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - 
}, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56878, - "ts": "1508493119.118306000", - "uri": "/description.xml" - }, - "6a4d30ba-1446-4921-84c1-fbbbf1a4f6e1": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56794, - "ts": "1508485432.979175000", - "uri": "/description.xml" - }, - "6a7f595a-e223-45b3-97cc-48cad9d7c548": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 57073, - "ts": "1508509214.519479000", - "uri": "/description.xml" - }, - "6cb61e21-61f1-4d86-8211-f8e52362755f": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56788, - "ts": "1508485431.641818000", - "uri": "/description.xml" - }, - "6ce7eecd-fadf-45e2-9cea-fdd76d667be6": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"53\", Nonce=\"Aj6ghgnkEo1aF9UIkdJNZQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"9OaGG6mRlwNym3ixwA9ivw==\"", - "connection": "close", - "content-length": "1328", - 
"content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45181, - "ts": "1508466802.518608000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "6de21d41-d0c9-4504-bb60-86479bdd0d1f": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 57071, - "ts": "1508509214.280691000", - "uri": "/description.xml" - }, - "6eac540f-2617-4caf-a777-158fa155a7e2": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"54\", Nonce=\"RnQj4ESU6O5iF9UIGxlBuw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"lFHZk7Y9NuBYpbyswcoUZw==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45182, - "ts": "1508466802.939248000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "706cc9e4-06a0-4260-a5fb-d1e5846b15fd": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56613, - "ts": "1508469853.515797000", - "uri": 
"/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "73768ca9-ada0-4930-9be5-a4ae242bc6e3": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56698, - "ts": "1508477533.627907000", - "uri": "/description.xml" - }, - "75b2f21d-cafb-4fa2-a1be-86c8da9b7b9c": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56696, - "ts": "1508477533.470368000", - "uri": "/description.xml" - }, - "773114f0-2158-4484-9905-0b2c23357138": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56881, - "ts": "1508493120.171827000", - "uri": "/description.xml" - }, - "7a7d63cd-9a64-4c22-943c-2ff539fb0713": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"50\", Nonce=\"HYIu7st62itSF9UI1C0tnw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"AIJFnUuBeCAhSJwsSPPIJA==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": 
"dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45169, - "ts": "1508459603.745723000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "7bbe7675-bca6-480c-8b4c-372cfb412b65": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56700, - "ts": "1508477534.717225000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "7c0eac67-4f15-4fce-8443-ef89c391060b": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"70\", Nonce=\"w0E1Ikptdv2lF9UIt96XtA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"ZbLS0OUJ3WJY/VmOWlIEQg==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45231, - "ts": "1508495603.618857000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "80a3ebbb-6983-406f-8bfa-4c0e9ccca1f7": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"73\", Nonce=\"D/VVU+4V91+uF9UIMimHoA==\", 
SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"wTYNVcjDJuYaIlqPvDbd+Q==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45242, - "ts": "1508502802.629928000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "80ca0244-6b0d-4b4c-9672-c0e4d82ba48e": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"61\", Nonce=\"wrIsdgJIWhR8F9UIx6Nk6A==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rMFjUBkfbR8k+XM4J0Nk+A==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45205, - "ts": "1508481202.944385000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "8404af06-b8d8-4276-aea8-fee733250922": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56880, - "ts": "1508493119.423201000", - "uri": "/description.xml" - }, - 
"87e491e1-d4e0-4248-8172-fa71bfbd2625": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56966, - "ts": "1508500992.697184000", - "uri": "/description.xml" - }, - "8b7dcd6a-c592-42c6-8749-433f748ff589": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"77\", Nonce=\"v6de2RSqHCO/F9UIB9IETQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"Y2KkPRoOd5rN1bo4Bru7XQ==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45254, - "ts": "1508510003.723787000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "902ca1cf-b791-4fdd-bc7c-63eda786335d": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"69\", Nonce=\"O2nbMFG4qpudF9UI9et8gQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rE4BCqqoV5ApwZlmkzLx/A==\"", - "connection": "close", - "content-length": "1328", - 
"content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45230, - "ts": "1508495603.198446000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "94ca8be3-3c28-4fae-93da-2bdf41621ad0": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 57061, - "ts": "1508509045.209972000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "995abfd5-ed0b-4d4d-a9fe-1c09fb7f0baa": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56793, - "ts": "1508485432.751765000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "9aa6333b-b72b-455a-8135-c75c0c81ae72": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56702, - "ts": "1508477535.050616000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "9b7c2e45-6897-47f5-a3ac-60a88fd71525": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56610, - "ts": "1508469852.190570000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - 
"a12bb9fa-49ec-4969-b687-18567f93d8a8": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 57065, - "ts": "1508509046.706024000", - "uri": "/description.xml" - }, - "a1305724-ce2b-4ec0-96a1-56ffdada2782": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56791, - "ts": "1508485432.224563000", - "uri": "/description.xml" - }, - "a4464775-d8d8-44fc-9215-94a4bfb5c26d": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"76\", Nonce=\"Txncu/KW2yK/F9UIeTMGug==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"Fn/fJIlXLMbcdiZ27pWNwQ==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45249, - "ts": "1508506403.694917000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "a61dd83c-6989-4559-9039-363dbeb54ab9": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": 
"192.168.0.227", - "src_port": 56542, - "ts": "1508463914.840072000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "a9ce3646-8671-4c44-a14e-47a38d0a32e0": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"56\", Nonce=\"87rYprWmElFrF9UIyB2bjQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"5oOnGRHc4VVgOtmTGnSXSw==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45188, - "ts": "1508470403.541300000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "acd1abe3-3f2e-4656-8847-5c3213277d11": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56882, - "ts": "1508493120.316778000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "bc134e48-ab13-4e58-b132-dd6435f3ac2b": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"71\", Nonce=\"LtIwGyrkvv2lF9UIdFDgLg==\", 
SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"jTrgvKNNbcTEqXRajrcYKQ==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45236, - "ts": "1508499203.924411000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "bd3385cb-97f2-43ba-9639-b92249b43a20": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 57063, - "ts": "1508509046.116595000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "bffb106d-cfe8-4a1c-9f23-33fbd2d5e217": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56969, - "ts": "1508500993.623407000", - "uri": "/description.xml" - }, - "c0838e3b-834e-413b-bcb8-d259b10616d1": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 57075, - "ts": "1508509215.520208000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "cacaff93-4fc0-4d24-a0db-83a437c22f8f": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"64\", Nonce=\"WIGvypHsZdiMF9UIrliQWQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"uf13Jx8s/eL7BiklzmuutQ==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45213, - "ts": "1508484804.000058000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "cb89a141-47e7-48e2-86bb-998e956c390a": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56614, - "ts": "1508469853.818103000", - "uri": "/description.xml" - }, - "d798cc2e-b848-416a-ae9f-0feb5c5cc83a": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 57074, - "ts": "1508509215.329645000", - "uri": "/description.xml" - }, - "db713a11-86ca-4903-bf03-78c056424a33": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"68\", Nonce=\"pedBaQkJYZudF9UICPNNyA==\", 
SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rXzU3PkJXq66quYxt4dR0w==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45225, - "ts": "1508492003.083641000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "de22dff6-4385-4c1b-9c0e-647784497294": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56795, - "ts": "1508485433.142029000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "df5bcd9f-f274-4fff-b318-27fb659b6f59": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 57064, - "ts": "1508509046.116540000", - "uri": "/description.xml" - }, - "e3d19c2c-b137-4756-919c-f70036e6ee04": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56615, - "ts": "1508469854.003616000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "e600104e-fbe8-4319-9d84-ca08047efd0f": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": 
"b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"75\", Nonce=\"8tOzN9657sC2F9UIl3ayqQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"OZk4/yc2TQeK7ph0tAkojA==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45248, - "ts": "1508506403.275265000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "e9139b55-7c4d-407f-aaeb-b4e748a066a3": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56792, - "ts": "1508485432.565257000", - "uri": "/description.xml" - }, - "e9557ac5-4e07-4514-a804-1b0a69b99036": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"62\", Nonce=\"BdKCsHaZQHaEF9UI5C5bWQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"hZf/7zl4u0jeRzps/5PXjA==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - 
"host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45206, - "ts": "1508481203.365353000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "ed359f08-9716-46e9-b242-fa0a7ad74b32": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"58\", Nonce=\"rSl/kVJvL7NzF9UIfuR6vQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"F1ymgtXGLgEjjsJtNRm7jQ==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45194, - "ts": "1508474004.097958000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "edbec7e3-ab76-4c3d-92cf-afbf3a717665": { - "dst_ip": "130.211.67.12", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "connection": "close", - "content-type": "text/plain", - "host": "diagnostics.meethue.com:80", - "transfer-encoding": "chunked" - }, - "host": "diagnostics.meethue.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 54196, - "ts": "1508483525.057124000", - "uri": 
"/bridges/ws/stats?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a2909c62693157c503a676c182a44daf78ddae30900de525cad753035de299958db2121a4284346b74371c889cfc5df609cb33d126e3051871163f5d767a9d53b72ae6e8901db39b90d2247db5cb734db1b8f18c37bfc23ed6091359629f8c68074ea0d7377c6da7b5b88bccda18a2e137e29f0bab89d64d94c2524b639e5712061b&i=aa75654336d2f72df5b22d857fe4e512&auth=c0692053fa23c4a9704396bc516c1287a38e4b38" - }, - "ee7a172f-4939-42b3-90c4-f14569632c3d": { - "dst_ip": "5.79.62.93", - "dst_port": 80, - "eth.dst": "b0:b9:8a:73:69:8e", - "eth.src": "00:17:88:69:ee:e4", - "headers": { - "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"78\", Nonce=\"z9B2roxq4oTHF9UICymJ7Q==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"okPL+Sx5SKAgjONdFT54nQ==\"", - "connection": "close", - "content-length": "1328", - "content-type": "application/CB-Encrypted; cipher=AES", - "host": "dcp.cpp.philips.com:80" - }, - "host": "dcp.cpp.philips.com:80", - "method": "POST", - "src_ip": "192.168.0.160", - "src_port": 45255, - "ts": "1508510004.140691000", - "uri": "/DcpRequestHandler/index.ashx" - }, - "f1b63783-f5dd-4a48-ad04-40b447f2adf7": { - "dst_ip": "192.168.0.226", - "dst_port": 49153, - "eth.dst": "94:10:3e:36:60:09", - "eth.src": "d0:52:a8:a3:60:0f", - "headers": { - "content-length": "277", - "content-type": "text/xml; charset=\"utf-8\"", - "host": "192.168.0.226:49153", - "soapaction": "\"urn:Belkin:service:basicevent:1#GetBinaryState\"", - "user-agent": "CyberGarage-HTTP/1.0" - }, - "host": "192.168.0.226:49153", - "method": "POST", - "src_ip": "192.168.0.243", - "src_port": 51912, - "ts": "1508472514.240077000", - "uri": 
"/upnp/control/basicevent1" - }, - "f8607e7e-d759-4f28-95c4-9cb58fa19e67": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56541, - "ts": "1508463914.706660000", - "uri": "/description.xml" - }, - "fa94b3a9-8cbd-4782-a151-a274592aeeb4": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56536, - "ts": "1508463912.908377000", - "uri": "/description.xml" - }, - "fb58b8af-4bd8-443f-a9b1-9143aca25692": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56699, - "ts": "1508477534.524516000", - "uri": "/description.xml" - }, - "fc44d4d5-0fff-4c2a-b246-1a3a2c162409": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 56790, - "ts": "1508485431.919622000", - "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" - }, - "fe685706-cfaa-4b66-9959-1fe78bbbd89a": { - "dst_ip": "192.168.0.160", - "dst_port": 80, - "eth.dst": "00:17:88:69:ee:e4", - "eth.src": "68:37:e9:d2:26:0d", - "headers": { - "accept": "*/*", - "host": "192.168.0.160" - }, - "host": "192.168.0.160", - "method": "GET", - "src_ip": "192.168.0.227", - "src_port": 57066, - "ts": "1508509046.856076000", - "uri": 
"/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights"
- }
-}
\ No newline at end of file
diff --git a/json/dns.json b/json/dns.json
new file mode 100644
index 0000000..43f3eb5
--- /dev/null
+++ b/json/dns.json
@@ -0,0 +1,40632 @@ +[ + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:07:51.560156000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508458071.560156000", + "frame.time_delta": "1.053360000", + "frame.time_delta_displayed": "0.000000000", + "frame.time_relative": "359.154952000", + "frame.number": "380", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000c5d4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f2e8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "35041", + "udp.dstport": "53", + "udp.port": "35041", + 
"udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d04f", + "udp.checksum.status": "2", + "udp.stream": "19" + }, + "dns": { + "dns.response_in": "381", + "dns.id": "0x00000487", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:07:51.597999000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508458071.597999000", + "frame.time_delta": "0.037843000", + "frame.time_delta_displayed": "0.037843000", + "frame.time_relative": "359.192795000", + "frame.number": "381", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00001e6a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000989e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "35041", + "udp.port": "53", + "udp.port": "35041", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "19" + }, + "dns": { + "dns.response_to": "380", + "dns.time": "0.037843000", + "dns.id": "0x00000487", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "115", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + 
"brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "13313", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "485", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3795", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2515", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3016", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": { + "dns.resp.name": "n3b.akamaiedge.net", + 
"dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3200", + "dns.resp.len": "4", + "dns.a": "165.254.134.241" + }, + "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2106", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3857", + "dns.resp.len": "4", + "dns.a": "204.1.137.33" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3654", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3718", + "dns.resp.len": "4", + "dns.a": "165.254.134.239" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2491", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:22:51.607393000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508458971.607393000", + "frame.time_delta": "4.029605000", + "frame.time_delta_displayed": "900.009394000", + "frame.time_relative": "1259.202189000", + "frame.number": "1239", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + 
"frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00000103", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b7ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57902", + "udp.dstport": "53", + "udp.port": "57902", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00007701", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "dns": { + "dns.response_in": "1240", + "dns.id": "0x00000488", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": 
"www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:22:51.678853000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508458971.678853000", + "frame.time_delta": "0.071460000", + "frame.time_delta_displayed": "0.071460000", + "frame.time_relative": "1259.273649000", + "frame.number": "1240", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "453", + "ip.id": "0x00004f7c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000067ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "57902", + "udp.port": "53", + "udp.port": "57902", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "36" + }, + "dns": { + "dns.response_to": "1239", + "dns.time": "0.071460000", + "dns.id": "0x00000488", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "115", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "12413", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + 
"dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class 
IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "587", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2895", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1615", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2116", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2300", + "dns.resp.len": "4", + "dns.a": "165.254.134.241" + }, + "n4b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1206", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2957", + "dns.resp.len": "4", + "dns.a": "204.1.137.33" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2754", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, 
addr 165.254.134.239": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2818", + "dns.resp.len": "4", + "dns.a": "165.254.134.239" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.045476000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.045476000", + "frame.time_delta": "1.106645000", + "frame.time_delta_displayed": "631.366623000", + "frame.time_relative": "1890.640272000", + "frame.number": "1873", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00001f1b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000999f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + 
"ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "44067", + "udp.dstport": "53", + "udp.port": "44067", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00001491", + "udp.checksum.status": "2", + "udp.stream": "51" + }, + "dns": { + "dns.response_in": "1874", + "dns.id": "0x00000489", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.047090000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.047090000", + "frame.time_delta": "0.001614000", + "frame.time_delta_displayed": "0.001614000", + "frame.time_relative": "1890.641886000", + "frame.number": "1874", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x00002b52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008d2e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44067", + "udp.port": "53", + "udp.port": "44067", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "51" + }, + "dns": { + "dns.response_to": "1873", + "dns.time": "0.001614000", + "dns.id": "0x00000489", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + 
"dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "643", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.048272000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.048272000", + "frame.time_delta": "0.001182000", + "frame.time_delta_displayed": "0.001182000", + "frame.time_relative": "1890.643068000", + "frame.number": "1875", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00001f1c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000999e", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51510", + "udp.dstport": "53", + "udp.port": "51510", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000127d", + "udp.checksum.status": "2", + "udp.stream": "52" + }, + "dns": { + "dns.response_in": "1876", + "dns.id": "0x0000048a", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.049516000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.049516000", + "frame.time_delta": "0.001244000", + "frame.time_delta_displayed": "0.001244000", + "frame.time_relative": "1890.644312000", + "frame.number": "1876", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x00002b53", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008c99", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "51510", + "udp.port": "53", + "udp.port": "51510", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "52" + }, + "dns": { + "dns.response_to": "1875", + "dns.time": "0.001244000", + "dns.id": "0x0000048a", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": 
"19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "644", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "644", + "dns.resp.len": "10", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "644", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "644", + "dns.resp.len": "6", + "dns.ns": "ns3.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "155007", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3438", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3438", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": 
"ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "158626", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "151199", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "151199", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.470381000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.470381000", + "frame.time_delta": "0.000880000", + "frame.time_delta_displayed": "0.420865000", + "frame.time_relative": "1891.065177000", + "frame.number": "1892", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00001f22", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009998", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "44843", + "udp.dstport": "53", + "udp.port": "44843", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00001187", + "udp.checksum.status": "2", + "udp.stream": "53" + }, + "dns": { + "dns.response_in": "1893", + "dns.id": "0x0000048b", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.470880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.470880000", + "frame.time_delta": "0.000499000", + "frame.time_delta_displayed": "0.000499000", + "frame.time_relative": "1891.065676000", + "frame.number": "1893", + "frame.len": "79", + 
"frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00002b76", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008d44", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44843", + "udp.port": "53", + "udp.port": "44843", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "53" + }, + "dns": { + "dns.response_to": "1892", + "dns.time": "0.000499000", + "dns.id": "0x0000048b", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + 
"dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.471684000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.471684000", + "frame.time_delta": "0.000804000", + "frame.time_delta_displayed": "0.000804000", + "frame.time_relative": "1891.066480000", + "frame.number": "1894", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00001f23", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009997", 
+ "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "40021", + "udp.dstport": "53", + "udp.port": "40021", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003f5c", + "udp.checksum.status": "2", + "udp.stream": "54" + }, + "dns": { + "dns.response_in": "1895", + "dns.id": "0x0000048c", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:33:23.472192000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459603.472192000", + "frame.time_delta": "0.000508000", + "frame.time_delta_displayed": "0.000508000", + "frame.time_relative": "1891.066988000", + "frame.number": "1895", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00002b77", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008d33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "40021", + "udp.port": "53", + "udp.port": "40021", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "54" + }, + "dns": { + "dns.response_to": "1894", + "dns.time": "0.000508000", + "dns.id": "0x0000048c", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", 
+ "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "644", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:37:51.689099000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459871.689099000", + "frame.time_delta": "0.145237000", + "frame.time_delta_displayed": "268.216907000", + "frame.time_relative": "2159.283895000", + "frame.number": "2153", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x000053f4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000064c9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": 
"192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49510", + "udp.dstport": "53", + "udp.port": "49510", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x000097c4", + "udp.checksum.status": "2", + "udp.stream": "60" + }, + "dns": { + "dns.response_in": "2154", + "dns.id": "0x0000048d", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:37:51.695550000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508459871.695550000", + "frame.time_delta": "0.006451000", + "frame.time_delta_displayed": "0.006451000", + "frame.time_relative": "2159.290346000", + "frame.number": "2154", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000851c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000031ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49510", + "udp.port": "53", + "udp.port": "49510", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "60" + }, + "dns": { + "dns.response_to": "2153", + "dns.time": "0.006451000", + "dns.id": "0x0000048d", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + 
"Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "141", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "13111", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + 
"dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2774", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "294", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4838", + "dns.resp.len": "4", + "dns.a": "165.254.134.240" + }, + "n2b.akamaiedge.net: type A, class IN, addr 
165.254.16.89": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7614", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3676", + "dns.resp.len": "4", + "dns.a": "165.254.16.90" + }, + "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4084", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4641", + "dns.resp.len": "4", + "dns.a": "165.254.134.244" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.134.246": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "218", + "dns.resp.len": "4", + "dns.a": "165.254.134.246" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2322", + "dns.resp.len": "4", + "dns.a": "165.254.134.232" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4774", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:52:51.705423000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": 
"1508460771.705423000", + "frame.time_delta": "3.937809000", + "frame.time_delta_displayed": "900.009873000", + "frame.time_relative": "3059.300219000", + "frame.number": "2958", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000b28e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000062f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "59344", + "udp.dstport": "53", + "udp.port": "59344", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00007159", + "udp.checksum.status": "2", + "udp.stream": "72" + }, + "dns": { + "dns.response_in": "2959", + "dns.id": "0x0000048e", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + 
"dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 17:52:51.715857000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508460771.715857000", + "frame.time_delta": "0.010434000", + "frame.time_delta_displayed": "0.010434000", + "frame.time_relative": "3059.310653000", + "frame.number": "2959", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000ca5c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + 
"ip.proto": "17", + "ip.checksum": "0x0000ecab", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "59344", + "udp.port": "53", + "udp.port": "59344", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "72" + }, + "dns": { + "dns.response_to": "2958", + "dns.time": "0.010434000", + "dns.id": "0x0000048e", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "116", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10613", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" 
+ }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + 
"dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2787", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1095", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7816", + "dns.resp.len": "4", + "dns.a": "184.51.200.159" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "316", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.241": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "500", + "dns.resp.len": "4", + "dns.a": "165.254.134.241" + }, + "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "5409", + "dns.resp.len": "4", + "dns.a": "165.254.134.244" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.33": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1157", + "dns.resp.len": "4", + "dns.a": "204.1.137.33" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "954", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1018", + "dns.resp.len": "4", + "dns.a": "165.254.134.239" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5792", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:07:51.725149000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508461671.725149000", + "frame.time_delta": "2.951813000", + "frame.time_delta_displayed": "900.009292000", + "frame.time_relative": "3959.319945000", + "frame.number": "3816", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000ba5a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000fe62", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "34709", + "udp.dstport": "53", + "udp.port": "34709", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d193", + "udp.checksum.status": "2", + "udp.stream": "84" + }, + "dns": { + "dns.response_in": "3817", + "dns.id": "0x0000048f", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + 
"frame.time": "Oct 19, 2017 18:07:51.735281000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508461671.735281000", + "frame.time_delta": "0.010132000", + "frame.time_delta_displayed": "0.010132000", + "frame.time_relative": "3959.330077000", + "frame.number": "3817", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00004a90", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006c78", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "34709", + "udp.port": "53", + "udp.port": "34709", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "84" + }, + "dns": { + "dns.response_to": "3816", + 
"dns.time": "0.010132000", + "dns.id": "0x0000048f", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "11311", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": 
"b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": 
"b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2496", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3038", + "dns.resp.len": "4", + "dns.a": "165.254.134.240" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5814", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.16.90": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1876", + "dns.resp.len": "4", + "dns.a": "165.254.16.90" + }, + "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2284", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2841", + "dns.resp.len": "4", + "dns.a": "165.254.134.244" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.93": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2419", + "dns.resp.len": "4", + "dns.a": "165.254.16.93" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.232": { + "dns.resp.name": 
"n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "522", + "dns.resp.len": "4", + "dns.a": "165.254.134.232" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2974", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:12:56.852097000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508461976.852097000", + "frame.time_delta": "3.045152000", + "frame.time_delta_displayed": "305.116816000", + "frame.time_relative": "4264.446893000", + "frame.number": "5571", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000f879", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c03c", 
+ "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "46881", + "udp.dstport": "53", + "udp.port": "46881", + "udp.port": "53", + "udp.length": "49", + "udp.checksum": "0x0000d1bd", + "udp.checksum.status": "2", + "udp.stream": "89" + }, + "dns": { + "dns.response_in": "5572", + "dns.id": "0x00000490", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "diagnostics.meethue.com: type A, class IN": { + "dns.qry.name": "diagnostics.meethue.com", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:12:56.936468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508461976.936468000", + "frame.time_delta": "0.084371000", + "frame.time_delta_displayed": "0.084371000", + "frame.time_relative": "4264.531264000", + "frame.number": "5572", + "frame.len": "297", + "frame.cap_len": "297", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "283", + "ip.id": "0x00008c6e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002b72", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "46881", + "udp.port": "53", + "udp.port": "46881", + "udp.length": "263", + "udp.checksum": "0x0000830a", + "udp.checksum.status": "2", + "udp.stream": "89" + }, + "dns": { + "dns.response_to": "5571", + "dns.time": "0.084371000", + "dns.id": "0x00000490", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "diagnostics.meethue.com: type A, class IN": { + "dns.qry.name": "diagnostics.meethue.com", + 
"dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": { + "dns.resp.name": "diagnostics.meethue.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "300", + "dns.resp.len": "4", + "dns.a": "130.211.67.12" + } + }, + "Authoritative nameservers": { + "meethue.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "meethue.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3600", + "dns.resp.len": "18", + "dns.ns": "ns2.ext.philips.com" + }, + "meethue.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "meethue.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3600", + "dns.resp.len": "6", + "dns.ns": "ns3.ext.philips.com" + }, + "meethue.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "meethue.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3600", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "172800", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "172800", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "172800", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + 
"dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2611", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "62777", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "62777", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:22:51.746902000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508462571.746902000", + "frame.time_delta": "2.037142000", + "frame.time_delta_displayed": "594.810434000", + "frame.time_relative": "4859.341698000", + "frame.number": "6175", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": 
"0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000f884", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c038", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54444", + "udp.dstport": "53", + "udp.port": "54444", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000847a", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "dns": { + "dns.response_in": "6176", + "dns.id": "0x00000491", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:22:51.772932000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508462571.772932000", + "frame.time_delta": "0.026030000", + "frame.time_delta_displayed": "0.026030000", + "frame.time_relative": "4859.367728000", + "frame.number": "6176", + "frame.len": "513", 
+ "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00004cfa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006a0e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "54444", + "udp.port": "53", + "udp.port": "54444", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "97" + }, + "dns": { + "dns.response_to": "6175", + "dns.time": "0.026030000", + "dns.id": "0x00000491", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + 
"dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "116", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "8813", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "987", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": 
"1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3296", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6016", + "dns.resp.len": "4", + "dns.a": "184.51.200.159" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6518", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2701", + "dns.resp.len": "4", + "dns.a": "96.17.70.190" + }, + "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3609", + "dns.resp.len": "4", + "dns.a": "165.254.134.244" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7358", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3156", + "dns.resp.len": "4", + "dns.a": "184.51.200.166" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5219", + "dns.resp.len": "4", + "dns.a": "165.254.16.92" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "3992", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:21.624384000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463201.624384000", + "frame.time_delta": "0.266457000", + "frame.time_delta_displayed": "629.851452000", + "frame.time_relative": "5489.219180000", + "frame.number": "6744", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000bf31", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f988", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: 
Unknown": "" + }, + "udp": { + "udp.srcport": "37292", + "udp.dstport": "53", + "udp.port": "37292", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002eff", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "dns": { + "dns.response_in": "6745", + "dns.id": "0x00000492", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:21.626468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463201.626468000", + "frame.time_delta": "0.002084000", + "frame.time_delta_displayed": "0.002084000", + "frame.time_relative": "5489.221264000", + "frame.number": "6745", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x00003f71", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000790f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "37292", + "udp.port": "53", + "udp.port": "37292", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "102" + }, + "dns": { + "dns.response_to": "6744", + "dns.time": "0.002084000", + "dns.id": "0x00000492", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + 
"dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:21.627301000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463201.627301000", + "frame.time_delta": "0.000833000", + "frame.time_delta_displayed": "0.000833000", + "frame.time_relative": "5489.222097000", + "frame.number": "6746", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000bf32", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f987", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54874", + "udp.dstport": "53", + "udp.port": "54874", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00000550", + "udp.checksum.status": "2", + "udp.stream": "103" + }, + "dns": { + "dns.response_in": "6747", + "dns.id": "0x00000493", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:21.628812000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463201.628812000", + "frame.time_delta": "0.001511000", + "frame.time_delta_displayed": "0.001511000", + "frame.time_relative": "5489.223608000", + "frame.number": "6747", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + 
"eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x00003f72", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000787a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "54874", + "udp.port": "53", + "udp.port": "54874", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "103" + }, + "dns": { + "dns.response_to": "6746", + "dns.time": "0.001511000", + "dns.id": "0x00000493", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type 
A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2985", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "413", + "dns.resp.len": "10", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "413", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "413", + "dns.resp.len": "6", + "dns.ns": "ns3.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "171575", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "171575", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "171575", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1386", + "dns.resp.len": "16", + 
"dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "61552", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "61552", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:22.044352000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463202.044352000", + "frame.time_delta": "0.001668000", + "frame.time_delta_displayed": "0.415540000", + "frame.time_relative": "5489.639148000", + "frame.number": "6763", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000bf41", + "ip.flags": 
"0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f978", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "55176", + "udp.dstport": "53", + "udp.port": "55176", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000e920", + "udp.checksum.status": "2", + "udp.stream": "104" + }, + "dns": { + "dns.response_in": "6764", + "dns.id": "0x00000494", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:22.044953000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463202.044953000", + "frame.time_delta": "0.000601000", + "frame.time_delta_displayed": "0.000601000", + "frame.time_relative": "5489.639749000", + "frame.number": "6764", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + 
"frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00003f96", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007924", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "55176", + "udp.port": "53", + "udp.port": "55176", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "104" + }, + "dns": { + "dns.response_to": "6763", + "dns.time": "0.000601000", + "dns.id": "0x00000494", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:22.045769000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463202.045769000", + "frame.time_delta": "0.000816000", + "frame.time_delta_displayed": "0.000816000", + "frame.time_relative": "5489.640565000", + "frame.number": "6765", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000bf42", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f977", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60660", + "udp.dstport": "53", + "udp.port": "60660", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000eeb3", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "dns": { + "dns.response_in": "6766", + "dns.id": "0x00000495", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:33:22.046379000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463202.046379000", + "frame.time_delta": "0.000610000", + "frame.time_delta_displayed": "0.000610000", + "frame.time_relative": "5489.641175000", + "frame.number": "6766", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + 
"eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00003f97", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007913", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "60660", + "udp.port": "53", + "udp.port": "60660", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "105" + }, + "dns": { + "dns.response_to": "6765", + "dns.time": "0.000610000", + "dns.id": "0x00000495", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, 
class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2984", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:37:51.778249000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463471.778249000", + "frame.time_delta": "3.324074000", + "frame.time_delta_displayed": "269.731870000", + "frame.time_relative": "5759.373045000", + "frame.number": "7048", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00001dd7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009ae6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + 
"ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "36809", + "udp.dstport": "53", + "udp.port": "36809", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000c958", + "udp.checksum.status": "2", + "udp.stream": "113" + }, + "dns": { + "dns.response_in": "7049", + "dns.id": "0x00000496", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:37:51.799436000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508463471.799436000", + "frame.time_delta": "0.021187000", + "frame.time_delta_displayed": "0.021187000", + "frame.time_relative": "5759.394232000", + "frame.number": "7049", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000431d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000073eb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "36809", + "udp.port": "53", + "udp.port": "36809", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "113" + }, + "dns": { + "dns.response_to": "7048", + "dns.time": "0.021187000", + "dns.id": "0x00000496", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + 
"dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "116", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7913", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + 
"dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "87", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2396", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5116", + "dns.resp.len": "4", + "dns.a": "184.51.200.159" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": 
"5618", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1801", + "dns.resp.len": "4", + "dns.a": "96.17.70.190" + }, + "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2709", + "dns.resp.len": "4", + "dns.a": "165.254.134.244" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6458", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2256", + "dns.resp.len": "4", + "dns.a": "184.51.200.166" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4319", + "dns.resp.len": "4", + "dns.a": "165.254.16.92" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3092", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:52:51.807701000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508464371.807701000", + "frame.time_delta": "0.379478000", + "frame.time_delta_displayed": "900.008265000", + "frame.time_relative": "6659.402497000", + 
"frame.number": "7913", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00009e02", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001abb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "47598", + "udp.dstport": "53", + "udp.port": "47598", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00009f32", + "udp.checksum.status": "2", + "udp.stream": "123" + }, + "dns": { + "dns.response_in": "7914", + "dns.id": "0x00000497", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": 
"1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 18:52:51.814443000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508464371.814443000", + "frame.time_delta": "0.006742000", + "frame.time_delta_displayed": "0.006742000", + "frame.time_relative": "6659.409239000", + "frame.number": "7914", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "453", + "ip.id": "0x0000e205", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d530", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + 
"ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "47598", + "udp.port": "53", + "udp.port": "47598", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "123" + }, + "dns": { + "dns.response_to": "7913", + "dns.time": "0.006742000", + "dns.id": "0x00000497", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "8611", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.113": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.113" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + 
"dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "275", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3797", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 165.254.134.240": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "338", + "dns.resp.len": "4", + "dns.a": "165.254.134.240" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3114", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3177", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5586", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "141", + "dns.resp.len": "4", + "dns.a": "165.254.134.244" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": { + "dns.resp.name": 
"n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3720", + "dns.resp.len": "4", + "dns.a": "173.197.192.234" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3824", + "dns.resp.len": "4", + "dns.a": "165.254.16.92" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:07:51.823654000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508465271.823654000", + "frame.time_delta": "3.748666000", + "frame.time_delta_displayed": "900.009211000", + "frame.time_relative": "7559.418450000", + "frame.number": "8671", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000e910", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000cfac", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33804", + "udp.dstport": "53", + "udp.port": "33804", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d513", + "udp.checksum.status": "2", + "udp.stream": "132" + }, + "dns": { + "dns.response_in": "8672", + "dns.id": "0x00000498", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:07:51.884431000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508465271.884431000", + "frame.time_delta": "0.060777000", + "frame.time_delta_displayed": "0.060777000", + "frame.time_relative": "7559.479227000", + "frame.number": "8672", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + 
"eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00004cdb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006a2d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33804", + "udp.port": "53", + "udp.port": "33804", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "132" + }, + "dns": { + "dns.response_to": "8671", + "dns.time": "0.060777000", + "dns.id": "0x00000498", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": 
"3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "116", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6113", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.73" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.2" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + 
"b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2288", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "596", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3316", + "dns.resp.len": "4", + "dns.a": 
"184.51.200.159" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3818", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.190": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1", + "dns.resp.len": "4", + "dns.a": "96.17.70.190" + }, + "n4b.akamaiedge.net: type A, class IN, addr 165.254.134.244": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "909", + "dns.resp.len": "4", + "dns.a": "165.254.134.244" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4658", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n6b.akamaiedge.net: type A, class IN, addr 184.51.200.166": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "456", + "dns.resp.len": "4", + "dns.a": "184.51.200.166" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2519", + "dns.resp.len": "4", + "dns.a": "165.254.16.92" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1292", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:22:51.895282000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1508466171.895282000", + "frame.time_delta": "7.109343000", + "frame.time_delta_displayed": "900.010851000", + "frame.time_relative": "8459.490078000", + "frame.number": "9475", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000ffbc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b900", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33283", + "udp.dstport": "53", + "udp.port": "33283", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d71b", + "udp.checksum.status": "2", + "udp.stream": "144" + }, + "dns": { + "dns.response_in": "9476", + "dns.id": "0x00000499", + "dns.flags": "0x00000100", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:22:51.906565000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466171.906565000", + "frame.time_delta": "0.011283000", + "frame.time_delta_displayed": "0.011283000", + "frame.time_relative": "8459.501361000", + "frame.number": "9476", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000a915", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000df3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33283", + "udp.port": "53", + "udp.port": "33283", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "144" + }, + "dns": { + "dns.response_to": "9475", + "dns.time": "0.011283000", + "dns.id": "0x00000499", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6811", + "dns.resp.len": "22", + "dns.cname": 
"e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2475", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1997", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6539", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1314", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1377", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "3786", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6342", + "dns.resp.len": "4", + "dns.a": "204.1.137.37" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.234": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1920", + "dns.resp.len": "4", + "dns.a": "173.197.192.234" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2024", + "dns.resp.len": "4", + "dns.a": "165.254.16.92" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4475", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.239450000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.239450000", + "frame.time_delta": "4.788057000", + "frame.time_delta_displayed": "630.332885000", + "frame.time_relative": "9089.834246000", + "frame.number": "10050", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": 
"0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000751c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000439e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51418", + "udp.dstport": "53", + "udp.port": "51418", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f7c8", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "dns": { + "dns.response_in": "10051", + "dns.id": "0x0000049a", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.241425000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.241425000", + "frame.time_delta": "0.001975000", + "frame.time_delta_displayed": "0.001975000", + "frame.time_relative": "9089.836221000", + "frame.number": "10051", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x000030bf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000087c1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "51418", + "udp.port": "53", + "udp.port": "51418", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "151" + }, + "dns": { + 
"dns.response_to": "10050", + "dns.time": "0.001975000", + "dns.id": "0x0000049a", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.242432000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.242432000", + "frame.time_delta": "0.001007000", + "frame.time_delta_displayed": "0.001007000", + "frame.time_relative": "9089.837228000", + "frame.number": "10052", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000751d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000439d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60729", + "udp.dstport": "53", + "udp.port": "60729", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000ee68", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "dns": { + "dns.response_in": "10053", + "dns.id": "0x0000049b", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + 
"dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.244090000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.244090000", + "frame.time_delta": "0.001658000", + "frame.time_delta_displayed": "0.001658000", + "frame.time_relative": "9089.838886000", + "frame.number": "10053", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x000030c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000872c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + 
"udp.dstport": "60729", + "udp.port": "53", + "udp.port": "60729", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "152" + }, + "dns": { + "dns.response_to": "10052", + "dns.time": "0.001658000", + "dns.id": "0x0000049b", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "10", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "6", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + } + 
}, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "147808", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "172526", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "172526", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "151427", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144000", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144000", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.660387000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.660387000", + "frame.time_delta": "0.001051000", + "frame.time_delta_displayed": 
"0.416297000", + "frame.time_relative": "9090.255183000", + "frame.number": "10069", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007547", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004373", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "46220", + "udp.dstport": "53", + "udp.port": "46220", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00000c15", + "udp.checksum.status": "2", + "udp.stream": "153" + }, + "dns": { + "dns.response_in": "10070", + "dns.id": "0x0000049c", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": 
"0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.660954000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.660954000", + "frame.time_delta": "0.000567000", + "frame.time_delta_displayed": "0.000567000", + "frame.time_relative": "9090.255750000", + "frame.number": "10070", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000030d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000087e4", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "46220", + "udp.port": "53", + "udp.port": "46220", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "153" + }, + "dns": { + "dns.response_to": "10069", + "dns.time": "0.000567000", + "dns.id": "0x0000049c", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.661749000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.661749000", + "frame.time_delta": "0.000795000", + "frame.time_delta_displayed": "0.000795000", + "frame.time_relative": "9090.256545000", + "frame.number": "10071", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007548", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004372", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51255", + "udp.dstport": "53", + "udp.port": "51255", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00001369", + "udp.checksum.status": "2", + "udp.stream": "154" + }, + "dns": { + "dns.response_in": "10072", + "dns.id": "0x0000049d", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + 
"dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:33:22.662301000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508466802.662301000", + "frame.time_delta": "0.000552000", + "frame.time_delta_displayed": "0.000552000", + "frame.time_relative": "9090.257097000", + "frame.number": "10072", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000030d7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000087d3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": 
"51255", + "udp.port": "53", + "udp.port": "51255", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "154" + }, + "dns": { + "dns.response_to": "10071", + "dns.time": "0.000552000", + "dns.id": "0x0000049d", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:37:51.914199000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508467071.914199000", + "frame.time_delta": "0.065381000", + "frame.time_delta_displayed": "269.251898000", + "frame.time_relative": "9359.508995000", + "frame.number": "10287", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + 
"eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x000089fd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002ec0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "41837", + "udp.dstport": "53", + "udp.port": "41837", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000b5ac", + "udp.checksum.status": "2", + "udp.stream": "155" + }, + "dns": { + "dns.response_in": "10288", + "dns.id": "0x0000049e", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": 
"packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:37:51.978100000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508467071.978100000", + "frame.time_delta": "0.063901000", + "frame.time_delta_displayed": "0.063901000", + "frame.time_relative": "9359.572896000", + "frame.number": "10288", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00008e7d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000288b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "41837", + "udp.port": "53", + "udp.port": "41837", + "udp.length": 
"479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "155" + }, + "dns": { + "dns.response_to": "10287", + "dns.time": "0.063901000", + "dns.id": "0x0000049e", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "117", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4313", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": 
"173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + 
"dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "488", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2799", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1516", + "dns.resp.len": "4", + "dns.a": "184.51.200.159" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2018", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n3b.akamaiedge.net: type A, class IN, addr 204.1.137.33": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2202", + "dns.resp.len": "4", + "dns.a": "204.1.137.33" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5110", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2858", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2660", + 
"dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "719", + "dns.resp.len": "4", + "dns.a": "165.254.16.92" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5496", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:52:51.985173000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508467971.985173000", + "frame.time_delta": "0.373714000", + "frame.time_delta_displayed": "900.007073000", + "frame.time_relative": "10259.579969000", + "frame.number": "11065", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000b24b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000672", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33682", + "udp.dstport": "53", + "udp.port": "33682", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d586", + "udp.checksum.status": "2", + "udp.stream": "163" + }, + "dns": { + "dns.response_in": "11066", + "dns.id": "0x0000049f", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 19:52:52.048951000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508467972.048951000", + "frame.time_delta": "0.063778000", + "frame.time_delta_displayed": "0.063778000", + "frame.time_relative": "10259.643747000", + "frame.number": "11066", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + 
"eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00008dbf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002949", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33682", + "udp.port": "53", + "udp.port": "33682", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "163" + }, + "dns": { + "dns.response_to": "11065", + "dns.time": "0.063778000", + "dns.id": "0x0000049f", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + 
"Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "117", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3413", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.73" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.2" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + 
"dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3589", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1898", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 184.51.200.159": { + 
"dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "615", + "dns.resp.len": "4", + "dns.a": "184.51.200.159" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1117", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n3b.akamaiedge.net: type A, class IN, addr 204.1.137.33": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1301", + "dns.resp.len": "4", + "dns.a": "204.1.137.33" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4209", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1957", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1759", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5819", + "dns.resp.len": "4", + "dns.a": "173.197.192.237" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4595", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + 
"_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:07:52.060309000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508468872.060309000", + "frame.time_delta": "0.486449000", + "frame.time_delta_displayed": "900.011358000", + "frame.time_relative": "11159.655105000", + "frame.number": "11855", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000fdee", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bace", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49312", + "udp.dstport": "53", + "udp.port": "49312", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00009877", + 
"udp.checksum.status": "2", + "udp.stream": "171" + }, + "dns": { + "dns.response_in": "11856", + "dns.id": "0x000004a0", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:07:52.067203000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508468872.067203000", + "frame.time_delta": "0.006894000", + "frame.time_delta_displayed": "0.006894000", + "frame.time_relative": "11159.661999000", + "frame.number": "11856", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + 
"ip.len": "453", + "ip.id": "0x0000b190", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000005a6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49312", + "udp.port": "53", + "udp.port": "49312", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "171" + }, + "dns": { + "dns.response_to": "11855", + "dns.time": "0.006894000", + "dns.id": "0x000004a0", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "141", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + 
"dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4110", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, 
+ "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "774", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3298", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3838", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6614", + "dns.resp.len": "4", + "dns.a": "173.197.192.233" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2677", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1085", + "dns.resp.len": "4", + "dns.a": 
"173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3641", + "dns.resp.len": "4", + "dns.a": "204.1.137.37" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5325", + "dns.resp.len": "4", + "dns.a": "204.1.137.37" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:22:52.076126000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508469772.076126000", + "frame.time_delta": "0.590869000", + "frame.time_delta_displayed": "900.008923000", + "frame.time_relative": "12059.670922000", + "frame.number": "12657", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000a2db", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000015e2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53703", + "udp.dstport": "53", + "udp.port": "53703", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000874f", + "udp.checksum.status": "2", + "udp.stream": "177" + }, + "dns": { + "dns.response_in": "12658", + "dns.id": "0x000004a1", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:22:52.112051000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508469772.112051000", + "frame.time_delta": "0.035925000", + "frame.time_delta_displayed": "0.035925000", + "frame.time_relative": "12059.706847000", + "frame.number": "12658", + "frame.len": "513", + 
"frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000ccc6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ea41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "53703", + "udp.port": "53", + "udp.port": "53703", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "177" + }, + "dns": { + "dns.response_to": "12657", + "dns.time": "0.035925000", + "dns.id": "0x000004a1", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + 
"dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "116", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1612", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.2" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.73" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1789", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + 
"dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "98", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6816", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7318", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3503", + "dns.resp.len": "4", + "dns.a": "198.172.88.200" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2409", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 165.254.16.89": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "157", + "dns.resp.len": "4", + "dns.a": "165.254.16.89" + }, + "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3960", + "dns.resp.len": "4", + "dns.a": "198.172.88.205" + }, + "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4019", + "dns.resp.len": "4", + "dns.a": "173.197.192.237" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "2795", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:22.842206000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470402.842206000", + "frame.time_delta": "0.384116000", + "frame.time_delta_displayed": "630.730155000", + "frame.time_relative": "12690.437002000", + "frame.number": "13303", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000dd6f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000db4a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "44754", + "udp.dstport": "53", + "udp.port": "44754", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x000011c9", + "udp.checksum.status": "2", + "udp.stream": "184" + }, + "dns": { + "dns.response_in": "13304", + "dns.id": "0x000004a2", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:22.844183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470402.844183000", + "frame.time_delta": "0.001977000", + "frame.time_delta_displayed": "0.001977000", + "frame.time_relative": "12690.438979000", + "frame.number": "13304", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" 
+ }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x00000246", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b63a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44754", + "udp.port": "53", + "udp.port": "44754", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "184" + }, + "dns": { + "dns.response_to": "13303", + "dns.time": "0.001977000", + "dns.id": "0x000004a2", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "3219", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:22.846468000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470402.846468000", + "frame.time_delta": "0.002285000", + "frame.time_delta_displayed": "0.002285000", + "frame.time_relative": "12690.441264000", + "frame.number": "13305", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000dd70", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000db49", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "35982", + "udp.dstport": "53", + "udp.port": "35982", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00004f0c", + "udp.checksum.status": "2", + "udp.stream": "185" + }, + "dns": { + "dns.response_in": "13306", + "dns.id": "0x000004a3", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:22.848081000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470402.848081000", + "frame.time_delta": "0.001613000", + "frame.time_delta_displayed": "0.001613000", + "frame.time_relative": "12690.442877000", + "frame.number": "13306", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": 
"b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x00000247", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b5a5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "35982", + "udp.port": "53", + "udp.port": "35982", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "185" + }, + "dns": { + "dns.response_to": "13305", + "dns.time": "0.001613000", + "dns.id": "0x000004a3", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + 
"dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3161", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "645", + "dns.resp.len": "10", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "645", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "645", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "856", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "164374", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "164374", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2117", + 
"dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "54351", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "54351", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:23.264573000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470403.264573000", + "frame.time_delta": "0.001337000", + "frame.time_delta_displayed": "0.416492000", + "frame.time_relative": "12690.859369000", + "frame.number": "13322", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000dd71", 
+ "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000db48", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56095", + "udp.dstport": "53", + "udp.port": "56095", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000e579", + "udp.checksum.status": "2", + "udp.stream": "186" + }, + "dns": { + "dns.response_in": "13323", + "dns.id": "0x000004a4", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:23.265148000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470403.265148000", + "frame.time_delta": "0.000575000", + "frame.time_delta_displayed": "0.000575000", + "frame.time_relative": "12690.859944000", + "frame.number": "13323", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", 
+ "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000026e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b64c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "56095", + "udp.port": "53", + "udp.port": "56095", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "186" + }, + "dns": { + "dns.response_to": "13322", + "dns.time": "0.000575000", + "dns.id": "0x000004a4", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:23.266041000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470403.266041000", + "frame.time_delta": "0.000893000", + "frame.time_delta_displayed": "0.000893000", + "frame.time_relative": "12690.860837000", + "frame.number": "13324", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000dd72", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000db47", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "41786", + "udp.dstport": "53", + "udp.port": "41786", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000385e", + "udp.checksum.status": "2", + "udp.stream": "187" + }, + "dns": { + "dns.response_in": "13325", + "dns.id": "0x000004a5", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:33:23.266579000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470403.266579000", + "frame.time_delta": "0.000538000", + "frame.time_delta_displayed": "0.000538000", + "frame.time_relative": "12690.861375000", + "frame.number": "13325", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + 
"eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000026f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b63b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "41786", + "udp.port": "53", + "udp.port": "41786", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "187" + }, + "dns": { + "dns.response_to": "13324", + "dns.time": "0.000538000", + "dns.id": "0x000004a5", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type 
A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3160", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:37:52.120059000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470672.120059000", + "frame.time_delta": "0.625668000", + "frame.time_delta_displayed": "268.853480000", + "frame.time_relative": "12959.714855000", + "frame.number": "13582", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00002649", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009274", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + 
"ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54738", + "udp.dstport": "53", + "udp.port": "54738", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000833f", + "udp.checksum.status": "2", + "udp.stream": "188" + }, + "dns": { + "dns.response_in": "13583", + "dns.id": "0x000004a6", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:37:52.140960000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508470672.140960000", + "frame.time_delta": "0.020901000", + "frame.time_delta_displayed": "0.020901000", + "frame.time_relative": "12959.735756000", + "frame.number": "13583", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00004310", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000073f8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "54738", + "udp.port": "53", + "udp.port": "54738", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "188" + }, + "dns": { + "dns.response_to": "13582", + "dns.time": "0.020901000", + "dns.id": "0x000004a6", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + 
"dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "116", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "712", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": 
"889", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "889", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3199", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5916", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "6418", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2603", + "dns.resp.len": "4", + "dns.a": "198.172.88.200" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1509", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7258", + "dns.resp.len": "4", + "dns.a": "198.172.88.206" + }, + "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3060", + "dns.resp.len": "4", + "dns.a": "198.172.88.205" + }, + "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3119", + "dns.resp.len": "4", + "dns.a": "173.197.192.237" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1895", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:52:52.147811000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508471572.147811000", + "frame.time_delta": "0.719415000", + "frame.time_delta_displayed": "900.006851000", + "frame.time_relative": 
"13859.742607000", + "frame.number": "14361", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000e5bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d2ff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "55123", + "udp.dstport": "53", + "udp.port": "55123", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x000081bd", + "udp.checksum.status": "2", + "udp.stream": "197" + }, + "dns": { + "dns.response_in": "14362", + "dns.id": "0x000004a7", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, 
+ "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 20:52:52.212985000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508471572.212985000", + "frame.time_delta": "0.065174000", + "frame.time_delta_displayed": "0.065174000", + "frame.time_relative": "13859.807781000", + "frame.number": "14362", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "453", + "ip.id": "0x00004fa4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006792", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": 
"192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "55123", + "udp.port": "53", + "udp.port": "55123", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "197" + }, + "dns": { + "dns.response_to": "14361", + "dns.time": "0.065174000", + "dns.id": "0x000004a7", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "117", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "21417", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": 
"b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "989", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2299", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5016", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5518", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n3b.akamaiedge.net: type A, class IN, addr 198.172.88.200": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1703", + "dns.resp.len": "4", + "dns.a": "198.172.88.200" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.197.192.230": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "609", + "dns.resp.len": "4", + "dns.a": "173.197.192.230" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6358", + "dns.resp.len": "4", + "dns.a": "198.172.88.206" + }, + "n6b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { + 
"dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2160", + "dns.resp.len": "4", + "dns.a": "198.172.88.205" + }, + "n7b.akamaiedge.net: type A, class IN, addr 173.197.192.237": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2219", + "dns.resp.len": "4", + "dns.a": "173.197.192.237" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:07:52.219360000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508472472.219360000", + "frame.time_delta": "0.606095000", + "frame.time_delta_displayed": "900.006375000", + "frame.time_relative": "14759.814156000", + "frame.number": "15111", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000c5af", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x0000f30d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "44889", + "udp.dstport": "53", + "udp.port": "44889", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000a9b6", + "udp.checksum.status": "2", + "udp.stream": "205" + }, + "dns": { + "dns.response_in": "15112", + "dns.id": "0x000004a8", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:07:52.306389000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508472472.306389000", + "frame.time_delta": "0.087029000", + "frame.time_delta_displayed": "0.087029000", + "frame.time_relative": "14759.901185000", + "frame.number": "15112", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000a365", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000013a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44889", + "udp.port": "53", + "udp.port": "44889", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "205" + }, + "dns": { + "dns.response_to": "15111", + "dns.time": "0.087029000", + "dns.id": "0x000004a8", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + 
"dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "300", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "510", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": 
"n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1174", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3699", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "238", + 
"dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3014", + "dns.resp.len": "4", + "dns.a": "173.197.192.233" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3078", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3486", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "41", + "dns.resp.len": "4", + "dns.a": "204.1.137.37" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3621", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1725", + "dns.resp.len": "4", + "dns.a": "204.1.137.37" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4177", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 
21:22:52.395472000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508473372.395472000", + "frame.time_delta": "3.711619000", + "frame.time_delta_displayed": "900.089083000", + "frame.time_relative": "15659.990268000", + "frame.number": "15884", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x000043a6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007517", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53892", + "udp.dstport": "53", + "udp.port": "53892", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000868a", + "udp.checksum.status": "2", + "udp.stream": "212" + }, + "dns": { + "dns.response_in": "15885", + "dns.id": "0x000004a9", + 
"dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:22:52.423942000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508473372.423942000", + "frame.time_delta": "0.028470000", + "frame.time_delta_displayed": "0.028470000", + "frame.time_relative": "15660.018738000", + "frame.number": "15885", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000f1a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": 
"1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c566", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "53892", + "udp.port": "53", + "udp.port": "53892", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "212" + }, + "dns": { + "dns.response_to": "15884", + "dns.time": "0.028470000", + "dns.id": "0x000004a9", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "21258", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.2": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.2" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.73": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.73" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + 
"dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "274", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2799", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7339", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2114", + "dns.resp.len": "4", + "dns.a": "173.197.192.233" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2178", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": 
"n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2586", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7142", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2721", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.37": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "825", + "dns.resp.len": "4", + "dns.a": "204.1.137.37" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3277", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.396307000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474003.396307000", + "frame.time_delta": "4.678140000", + "frame.time_delta_displayed": "630.972365000", + "frame.time_relative": "16290.991103000", + "frame.number": "16442", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000096a0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000221a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "37663", + "udp.dstport": "53", + "udp.port": "37663", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002d74", + "udp.checksum.status": "2", + "udp.stream": "215" + }, + "dns": { + "dns.response_in": "16443", + "dns.id": "0x000004aa", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": 
"pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.398249000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474003.398249000", + "frame.time_delta": "0.001942000", + "frame.time_delta_displayed": "0.001942000", + "frame.time_relative": "16290.993045000", + "frame.number": "16443", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x00008616", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000326a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "37663", + "udp.port": "53", + "udp.port": "37663", + "udp.length": "103", + "udp.checksum": 
"0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "215" + }, + "dns": { + "dns.response_to": "16442", + "dns.time": "0.001942000", + "dns.id": "0x000004aa", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.399079000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474003.399079000", + "frame.time_delta": "0.000830000", + "frame.time_delta_displayed": "0.000830000", + "frame.time_relative": "16290.993875000", + "frame.number": "16444", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + 
"frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000096a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002219", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33353", + "udp.dstport": "53", + "udp.port": "33353", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00005949", + "udp.checksum.status": "2", + "udp.stream": "216" + }, + "dns": { + "dns.response_in": "16445", + "dns.id": "0x000004ab", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": 
"dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.400649000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474003.400649000", + "frame.time_delta": "0.001570000", + "frame.time_delta_displayed": "0.001570000", + "frame.time_relative": "16290.995445000", + "frame.number": "16445", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x00008617", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000031d5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33353", + "udp.port": "53", + "udp.port": "33353", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "216" + }, + "dns": { + "dns.response_to": "16444", + "dns.time": "0.001570000", + "dns.id": "0x000004ab", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "10", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "140607", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "165325", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "165325", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144226", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "136799", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "136799", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.818793000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1508474003.818793000", + "frame.time_delta": "0.002460000", + "frame.time_delta_displayed": "0.418144000", + "frame.time_relative": "16291.413589000", + "frame.number": "16461", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000096bd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000021fd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52555", + "udp.dstport": "53", + "udp.port": "52555", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f345", + "udp.checksum.status": "2", + "udp.stream": "217" + }, + "dns": { + "dns.response_in": "16462", + "dns.id": "0x000004ac", + "dns.flags": "0x00000100", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.819379000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474003.819379000", + "frame.time_delta": "0.000586000", + "frame.time_delta_displayed": "0.000586000", + "frame.time_relative": "16291.414175000", + "frame.number": "16462", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000861c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000329e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "52555", + "udp.port": "53", + "udp.port": "52555", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "217" + }, + "dns": { + "dns.response_to": "16461", + "dns.time": "0.000586000", + "dns.id": "0x000004ac", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.820220000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474003.820220000", + "frame.time_delta": "0.000841000", + "frame.time_delta_displayed": "0.000841000", + "frame.time_relative": "16291.415016000", + "frame.number": "16463", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + 
"frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000096be", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000021fc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58656", + "udp.dstport": "53", + "udp.port": "58656", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f66f", + "udp.checksum.status": "2", + "udp.stream": "218" + }, + "dns": { + "dns.response_in": "16464", + "dns.id": "0x000004ad", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + 
"dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:33:23.820779000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474003.820779000", + "frame.time_delta": "0.000559000", + "frame.time_delta_displayed": "0.000559000", + "frame.time_relative": "16291.415575000", + "frame.number": "16464", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000861d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000328d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": 
"192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "58656", + "udp.port": "53", + "udp.port": "58656", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "218" + }, + "dns": { + "dns.response_to": "16463", + "dns.time": "0.000559000", + "dns.id": "0x000004ad", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:37:52.430247000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474272.430247000", + "frame.time_delta": "3.692969000", + "frame.time_delta_displayed": "268.609468000", + "frame.time_relative": "16560.025043000", + "frame.number": "16697", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + 
"frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000e609", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d2b3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "47128", + "udp.dstport": "53", + "udp.port": "47128", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000a0f1", + "udp.checksum.status": "2", + "udp.stream": "221" + }, + "dns": { + "dns.response_in": "16698", + "dns.id": "0x000004ae", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": 
"www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:37:52.445842000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508474272.445842000", + "frame.time_delta": "0.015595000", + "frame.time_delta_displayed": "0.015595000", + "frame.time_relative": "16560.040638000", + "frame.number": "16698", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000be56", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f8b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: 
Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "47128", + "udp.port": "53", + "udp.port": "47128", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "221" + }, + "dns": { + "dns.response_to": "16697", + "dns.time": "0.015595000", + "dns.id": "0x000004ae", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20358", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + 
"dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, 
class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3374", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1899", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6439", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1214", + "dns.resp.len": "4", + "dns.a": "173.197.192.233" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1278", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1686", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6242", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + 
"n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1821", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5927", + "dns.resp.len": "4", + "dns.a": "198.172.88.205" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2377", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:52:52.450308000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508475172.450308000", + "frame.time_delta": "6.313074000", + "frame.time_delta_displayed": "900.004466000", + "frame.time_relative": "17460.045104000", + "frame.number": "17472", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00002b9d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008d20", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58502", + "udp.dstport": "53", + "udp.port": "58502", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00007482", + "udp.checksum.status": "2", + "udp.stream": "229" + }, + "dns": { + "dns.response_in": "17473", + "dns.id": "0x000004af", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 21:52:52.456608000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508475172.456608000", + "frame.time_delta": "0.006300000", + "frame.time_delta_displayed": "0.006300000", + "frame.time_relative": "17460.051404000", + "frame.number": "17473", + "frame.len": "513", + 
"frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x000011ad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a55b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "58502", + "udp.port": "53", + "udp.port": "58502", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "229" + }, + "dns": { + "dns.response_to": "17472", + "dns.time": "0.006300000", + "dns.id": "0x000004af", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + 
"dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "19458", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2474", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + 
"dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "999", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5539", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "314", + "dns.resp.len": "4", + "dns.a": "173.197.192.233" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.197.192.229": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "378", + "dns.resp.len": "4", + "dns.a": "173.197.192.229" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "786", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5342", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "921", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5027", + "dns.resp.len": "4", + "dns.a": "198.172.88.205" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "1477", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:07:52.464775000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508476072.464775000", + "frame.time_delta": "4.206559000", + "frame.time_delta_displayed": "900.008167000", + "frame.time_relative": "18360.059571000", + "frame.number": "18263", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00005c8a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005c33", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + 
"Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58930", + "udp.dstport": "53", + "udp.port": "58930", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x000072d5", + "udp.checksum.status": "2", + "udp.stream": "235" + }, + "dns": { + "dns.response_in": "18264", + "dns.id": "0x000004b0", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:07:52.473763000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508476072.473763000", + "frame.time_delta": "0.008988000", + "frame.time_delta_displayed": "0.008988000", + "frame.time_relative": "18360.068559000", + "frame.number": "18264", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x000052f7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006411", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "58930", + "udp.port": "53", + "udp.port": "58930", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "235" + }, + "dns": { + "dns.response_to": "18263", + "dns.time": "0.008988000", + "dns.id": "0x000004b0", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": 
"142", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "18558", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns 
n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1574", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "99", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4639", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7415", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n3b.akamaiedge.net: type 
A, class IN, addr 173.223.52.129": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3479", + "dns.resp.len": "4", + "dns.a": "173.223.52.129" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5887", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4442", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.95": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "21", + "dns.resp.len": "4", + "dns.a": "165.254.16.95" + }, + "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4127", + "dns.resp.len": "4", + "dns.a": "198.172.88.205" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "577", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:22:52.482011000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508476972.482011000", + "frame.time_delta": "2.079982000", + "frame.time_delta_displayed": "900.008248000", + "frame.time_relative": "19260.076807000", + "frame.number": "19082", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00007f92", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000392b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "48250", + "udp.dstport": "53", + "udp.port": "48250", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00009c8c", + "udp.checksum.status": "2", + "udp.stream": "242" + }, + "dns": { + "dns.response_in": "19083", + "dns.id": "0x000004b1", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + 
"Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:22:52.488375000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508476972.488375000", + "frame.time_delta": "0.006364000", + "frame.time_delta_displayed": "0.006364000", + "frame.time_relative": "19260.083171000", + "frame.number": "19083", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x000024f5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009213", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + 
"ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "48250", + "udp.port": "53", + "udp.port": "48250", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "242" + }, + "dns": { + "dns.response_to": "19082", + "dns.time": "0.006364000", + "dns.id": "0x000004b1", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "143", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "17658", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": 
"173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + 
"dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "674", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3200", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3739", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6515", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.129": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2579", + "dns.resp.len": "4", + "dns.a": "173.223.52.129" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4987", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.203": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": 
"3542", + "dns.resp.len": "4", + "dns.a": "198.172.88.203" + }, + "n6b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3122", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.205": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3227", + "dns.resp.len": "4", + "dns.a": "198.172.88.205" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5678", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:33:21.968209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477601.968209000", + "frame.time_delta": "2.368838000", + "frame.time_delta_displayed": "629.479834000", + "frame.time_relative": "19889.563005000", + "frame.number": "19759", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000048a9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007011", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "48476", + "udp.dstport": "53", + "udp.port": "48476", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000032f", + "udp.checksum.status": "2", + "udp.stream": "248" + }, + "dns": { + "dns.response_in": "19760", + "dns.id": "0x000004b2", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:33:21.970113000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477601.970113000", + "frame.time_delta": "0.001904000", + "frame.time_delta_displayed": "0.001904000", + 
"frame.time_relative": "19889.564909000", + "frame.number": "19760", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x00006934", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004f4c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "48476", + "udp.port": "53", + "udp.port": "48476", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "248" + }, + "dns": { + "dns.response_to": "19759", + "dns.time": "0.001904000", + "dns.id": "0x000004b2", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", 
+ "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:33:21.971590000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477601.971590000", + "frame.time_delta": "0.001477000", + "frame.time_delta_displayed": "0.001477000", + "frame.time_relative": "19889.566386000", + "frame.number": "19761", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { 
+ "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000048aa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007010", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60103", + "udp.dstport": "53", + "udp.port": "60103", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f0c2", + "udp.checksum.status": "2", + "udp.stream": "249" + }, + "dns": { + "dns.response_in": "19762", + "dns.id": "0x000004b3", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 
22:33:21.973429000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477601.973429000", + "frame.time_delta": "0.001839000", + "frame.time_delta_displayed": "0.001839000", + "frame.time_relative": "19889.568225000", + "frame.number": "19762", + "frame.len": "269", + "frame.cap_len": "269", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "255", + "ip.id": "0x00006935", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004ec7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "60103", + "udp.port": "53", + "udp.port": "60103", + "udp.length": "235", + "udp.checksum": "0x000082ee", + "udp.checksum.status": "2", + "udp.stream": "249" + }, + "dns": { + "dns.response_to": "19761", + "dns.time": "0.001839000", 
+ "dns.id": "0x000004b3", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "5", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "689", + "dns.resp.len": "10", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "689", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "689", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + } + }, + "Additional records": { + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "157175", + "dns.resp.len": "4", + 
"dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "157175", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2218", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "47152", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "47152", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:33:22.393601000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477602.393601000", + "frame.time_delta": "0.000661000", + "frame.time_delta_displayed": "0.420172000", + "frame.time_relative": "19889.988397000", + "frame.number": "19778", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000048c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006ff1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58716", + "udp.dstport": "53", + "udp.port": "58716", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000db2c", + "udp.checksum.status": "2", + "udp.stream": "250" + }, + "dns": { + "dns.response_in": "19779", + "dns.id": "0x000004b4", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + 
"layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:33:22.394208000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477602.394208000", + "frame.time_delta": "0.000607000", + "frame.time_delta_displayed": "0.000607000", + "frame.time_relative": "19889.989004000", + "frame.number": "19779", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00006951", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004f69", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "58716", + "udp.port": "53", + "udp.port": "58716", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": 
"250" + }, + "dns": { + "dns.response_to": "19778", + "dns.time": "0.000607000", + "dns.id": "0x000004b4", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:33:22.395034000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477602.395034000", + "frame.time_delta": "0.000826000", + "frame.time_delta_displayed": "0.000826000", + "frame.time_relative": "19889.989830000", + "frame.number": "19780", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", 
+ "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000048ca", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006ff0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58570", + "udp.dstport": "53", + "udp.port": "58570", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f6bd", + "udp.checksum.status": "2", + "udp.stream": "251" + }, + "dns": { + "dns.response_in": "19781", + "dns.id": "0x000004b5", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:33:22.395453000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477602.395453000", + "frame.time_delta": "0.000419000", + "frame.time_delta_displayed": "0.000419000", + "frame.time_relative": "19889.990249000", + "frame.number": 
"19781", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00006952", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004f58", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "58570", + "udp.port": "53", + "udp.port": "58570", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "251" + }, + "dns": { + "dns.response_to": "19780", + "dns.time": "0.000419000", + "dns.id": "0x000004b5", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + 
"dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3219", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:37:52.496004000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477872.496004000", + "frame.time_delta": "7.655864000", + "frame.time_delta_displayed": "270.100551000", + "frame.time_relative": "20160.090800000", + "frame.number": "20012", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + 
"ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00007136", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004787", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57235", + "udp.dstport": "53", + "udp.port": "57235", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000796e", + "udp.checksum.status": "2", + "udp.stream": "252" + }, + "dns": { + "dns.response_in": "20013", + "dns.id": "0x000004b6", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:37:52.557890000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508477872.557890000", + "frame.time_delta": "0.061886000", + "frame.time_delta_displayed": "0.061886000", + "frame.time_relative": "20160.152686000", + "frame.number": "20013", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + 
"frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "453", + "ip.id": "0x00007974", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003dc2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "57235", + "udp.port": "53", + "udp.port": "57235", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "252" + }, + "dns": { + "dns.response_to": "20012", + "dns.time": "0.061886000", + "dns.id": "0x000004b6", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + 
"dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "118", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "15117", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": 
"690", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "6717", + "dns.resp.len": "4", + "dns.a": "23.67.56.215" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7220", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3405", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n4b.akamaiedge.net: type A, class IN, addr 165.254.16.92": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "311", + "dns.resp.len": "4", + "dns.a": "165.254.16.92" + }, + "n5b.akamaiedge.net: type A, class IN, addr 198.172.88.206": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "58", + "dns.resp.len": "4", + "dns.a": "198.172.88.206" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3867", + "dns.resp.len": "4", + "dns.a": "173.223.52.69" + }, + "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1920", + "dns.resp.len": "4", + "dns.a": "198.172.88.204" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:52:52.564075000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508478772.564075000", + "frame.time_delta": "2.198143000", + "frame.time_delta_displayed": "900.006185000", + "frame.time_relative": "21060.158871000", + 
"frame.number": "20790", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000cae0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eddc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "43240", + "udp.dstport": "53", + "udp.port": "43240", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000b018", + "udp.checksum.status": "2", + "udp.stream": "258" + }, + "dns": { + "dns.response_in": "20791", + "dns.id": "0x000004b7", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + 
"dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 22:52:52.600980000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508478772.600980000", + "frame.time_delta": "0.036905000", + "frame.time_delta_displayed": "0.036905000", + "frame.time_relative": "21060.195776000", + "frame.number": "20791", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "453", + "ip.id": "0x00009731", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002005", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": 
"192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "43240", + "udp.port": "53", + "udp.port": "43240", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "258" + }, + "dns": { + "dns.response_to": "20790", + "dns.time": "0.036905000", + "dns.id": "0x000004b7", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "118", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "14217", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": 
"b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3106", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5817", + "dns.resp.len": "4", + "dns.a": "23.67.56.215" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6320", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2505", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5412", + "dns.resp.len": "4", + "dns.a": "198.172.88.202" + }, + "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7161", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": { + "dns.resp.name": 
"n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2967", + "dns.resp.len": "4", + "dns.a": "173.223.52.69" + }, + "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1020", + "dns.resp.len": "4", + "dns.a": "198.172.88.204" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:07:52.606357000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508479672.606357000", + "frame.time_delta": "1.385883000", + "frame.time_delta_displayed": "900.005377000", + "frame.time_relative": "21960.201153000", + "frame.number": "21562", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00004d98", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006b25", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53213", + "udp.dstport": "53", + "udp.port": "53213", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00008922", + "udp.checksum.status": "2", + "udp.stream": "264" + }, + "dns": { + "dns.response_in": "21563", + "dns.id": "0x000004b8", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:07:52.617193000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508479672.617193000", + "frame.time_delta": "0.010836000", + "frame.time_delta_displayed": "0.010836000", + "frame.time_relative": "21960.211989000", + "frame.number": "21563", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", 
+ "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000db65", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dba2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "53213", + "udp.port": "53", + "udp.port": "53213", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "264" + }, + "dns": { + "dns.response_to": "21562", + "dns.time": "0.010836000", + "dns.id": "0x000004b8", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": 
"3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "118", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "13317", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + 
"b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3890", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2206", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4917", + "dns.resp.len": "4", + "dns.a": 
"23.67.56.215" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5420", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1605", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4512", + "dns.resp.len": "4", + "dns.a": "198.172.88.202" + }, + "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6261", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.69": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2067", + "dns.resp.len": "4", + "dns.a": "173.223.52.69" + }, + "n7b.akamaiedge.net: type A, class IN, addr 198.172.88.204": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "198.172.88.204" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5890", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:22:52.625699000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1508480572.625699000", + "frame.time_delta": "4.403118000", + "frame.time_delta_displayed": "900.008506000", + "frame.time_relative": "22860.220495000", + "frame.number": "22346", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00005937", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005f86", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33001", + "udp.dstport": "53", + "udp.port": "33001", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d815", + "udp.checksum.status": "2", + "udp.stream": "268" + }, + "dns": { + "dns.response_in": "22347", + "dns.id": "0x000004b9", + "dns.flags": "0x00000100", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:22:52.650694000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508480572.650694000", + "frame.time_delta": "0.024995000", + "frame.time_delta_displayed": "0.024995000", + "frame.time_relative": "22860.245490000", + "frame.number": "22347", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000d12d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000e5da", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33001", + "udp.port": "53", + "udp.port": "33001", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "268" + }, + "dns": { + "dns.response_to": "22346", + "dns.time": "0.024995000", + "dns.id": "0x000004b9", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "143", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "14058", + "dns.resp.len": "22", + "dns.cname": 
"e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1074", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3601", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 198.172.88.208": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "139", + "dns.resp.len": "4", + "dns.a": "198.172.88.208" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2915", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2980", + "dns.resp.len": "4", + "dns.a": "165.254.134.239" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "1387", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7943", + "dns.resp.len": "4", + "dns.a": "96.17.70.191" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3523", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5628", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2078", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:22.664730000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481202.664730000", + "frame.time_delta": "2.566341000", + "frame.time_delta_displayed": "630.014036000", + "frame.time_relative": "23490.259526000", + "frame.number": "22859", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, 
+ "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007d2e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003b8c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58340", + "udp.dstport": "53", + "udp.port": "58340", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000dc9e", + "udp.checksum.status": "2", + "udp.stream": "271" + }, + "dns": { + "dns.response_in": "22860", + "dns.id": "0x000004ba", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:22.666597000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481202.666597000", + "frame.time_delta": "0.001867000", + "frame.time_delta_displayed": "0.001867000", + "frame.time_relative": "23490.261393000", + "frame.number": "22860", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x00008ce9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002b97", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "58340", + "udp.port": "53", + "udp.port": "58340", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "271" + }, + "dns": { + 
"dns.response_to": "22859", + "dns.time": "0.001867000", + "dns.id": "0x000004ba", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3219", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:22.667494000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481202.667494000", + "frame.time_delta": "0.000897000", + "frame.time_delta_displayed": "0.000897000", + "frame.time_relative": "23490.262290000", + "frame.number": "22861", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007d2f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003b8b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52564", + "udp.dstport": "53", + "udp.port": "52564", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00000e2e", + "udp.checksum.status": "2", + "udp.stream": "272" + }, + "dns": { + "dns.response_in": "22862", + "dns.id": "0x000004bb", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + 
"dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:22.669032000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481202.669032000", + "frame.time_delta": "0.001538000", + "frame.time_delta_displayed": "0.001538000", + "frame.time_relative": "23490.263828000", + "frame.number": "22862", + "frame.len": "269", + "frame.cap_len": "269", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "255", + "ip.id": "0x00008cea", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002b12", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + 
"udp.srcport": "53", + "udp.dstport": "52564", + "udp.port": "53", + "udp.port": "52564", + "udp.length": "235", + "udp.checksum": "0x000082ee", + "udp.checksum.status": "2", + "udp.stream": "272" + }, + "dns": { + "dns.response_to": "22861", + "dns.time": "0.001538000", + "dns.id": "0x000004bb", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "5", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "688", + "dns.resp.len": "10", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "688", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "688", + "dns.resp.len": "6", + "dns.ns": 
"ns2.ext.philips.com" + } + }, + "Additional records": { + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "153574", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "153574", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "171829", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "43551", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "43551", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:23.087037000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481203.087037000", + "frame.time_delta": "0.001271000", + "frame.time_delta_displayed": "0.418005000", + "frame.time_relative": "23490.681833000", + "frame.number": "22878", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007d4c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003b6e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "37188", + "udp.dstport": "53", + "udp.port": "37188", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002f3d", + "udp.checksum.status": "2", + "udp.stream": "273" + }, + "dns": { + "dns.response_in": "22879", + "dns.id": "0x000004bc", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type 
AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:23.087591000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481203.087591000", + "frame.time_delta": "0.000554000", + "frame.time_delta_displayed": "0.000554000", + "frame.time_relative": "23490.682387000", + "frame.number": "22879", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00008d00", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002bba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + 
"ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "37188", + "udp.port": "53", + "udp.port": "37188", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "273" + }, + "dns": { + "dns.response_to": "22878", + "dns.time": "0.000554000", + "dns.id": "0x000004bc", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:23.088490000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481203.088490000", + "frame.time_delta": "0.000899000", + "frame.time_delta_displayed": "0.000899000", + "frame.time_relative": "23490.683286000", + "frame.number": "22880", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + 
}, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007d4d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003b6d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57857", + "udp.dstport": "53", + "udp.port": "57857", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f97e", + "udp.checksum.status": "2", + "udp.stream": "274" + }, + "dns": { + "dns.response_in": "22881", + "dns.id": "0x000004bd", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:33:23.089060000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481203.089060000", + "frame.time_delta": "0.000570000", + "frame.time_delta_displayed": "0.000570000", + "frame.time_relative": "23490.683856000", + "frame.number": "22881", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00008d01", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002ba9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "57857", + "udp.port": "53", + "udp.port": "57857", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "274" + }, + "dns": { + 
"dns.response_to": "22880", + "dns.time": "0.000570000", + "dns.id": "0x000004bd", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3219", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:37:52.675652000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481472.675652000", + "frame.time_delta": "1.044735000", + "frame.time_delta_displayed": "269.586592000", + "frame.time_relative": "23760.270448000", + "frame.number": "23158", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + 
"eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00009f5f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000195e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "41570", + "udp.dstport": "53", + "udp.port": "41570", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000b697", + "udp.checksum.status": "2", + "udp.stream": "280" + }, + "dns": { + "dns.response_in": "23159", + "dns.id": "0x000004be", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:37:52.686467000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508481472.686467000", + "frame.time_delta": "0.010815000", + "frame.time_delta_displayed": "0.010815000", + "frame.time_relative": "23760.281263000", + "frame.number": "23159", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000db55", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dbb2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "41570", + "udp.port": "53", + "udp.port": "41570", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "280" + }, + "dns": { + "dns.response_to": "23158", + "dns.time": "0.010815000", + "dns.id": 
"0x000004be", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "143", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "13158", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "174", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2701", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7242", + "dns.resp.len": "4", + "dns.a": "173.223.52.131" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2015", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2080", + "dns.resp.len": "4", + "dns.a": "165.254.134.239" + }, + "n4b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "487", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7043", + "dns.resp.len": "4", + "dns.a": "96.17.70.191" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2623", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "4728", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1178", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:52:52.690665000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508482372.690665000", + "frame.time_delta": "0.322371000", + "frame.time_delta_displayed": "900.004198000", + "frame.time_relative": "24660.285461000", + "frame.number": "23918", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00009671", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000224c", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "42853", + "udp.dstport": "53", + "udp.port": "42853", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000b193", + "udp.checksum.status": "2", + "udp.stream": "284" + }, + "dns": { + "dns.response_in": "23919", + "dns.id": "0x000004bf", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 19, 2017 23:52:52.711241000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508482372.711241000", + "frame.time_delta": "0.020576000", + "frame.time_delta_displayed": "0.020576000", + "frame.time_relative": "24660.306037000", + "frame.number": "23919", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00001d6b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000999d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "42853", + "udp.port": "53", + "udp.port": "42853", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "284" + }, + "dns": { + "dns.response_to": "23918", + "dns.time": "0.020576000", + "dns.id": "0x000004bf", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": 
"1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "119", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10617", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type 
NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1190", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3509", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2217", + "dns.resp.len": "4", + "dns.a": "23.67.56.215" + }, + 
"n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2720", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2912", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1812", + "dns.resp.len": "4", + "dns.a": "198.172.88.202" + }, + "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3561", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3369", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.246": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3423", + "dns.resp.len": "4", + "dns.a": "165.254.134.246" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3190", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:07:52.715432000 PDT", + "frame.offset_shift": "0.000000000", 
+ "frame.time_epoch": "1508483272.715432000", + "frame.time_delta": "0.798629000", + "frame.time_delta_displayed": "900.004191000", + "frame.time_relative": "25560.310228000", + "frame.number": "24682", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000a08f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000182e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53913", + "udp.dstport": "53", + "udp.port": "53913", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000865e", + "udp.checksum.status": "2", + "udp.stream": "288" + }, + "dns": { + "dns.response_in": "24683", + "dns.id": "0x000004c0", + "dns.flags": "0x00000100", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:07:52.722880000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508483272.722880000", + "frame.time_delta": "0.007448000", + "frame.time_delta_displayed": "0.007448000", + "frame.time_relative": "25560.317676000", + "frame.number": "24683", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "453", + "ip.id": "0x000067fe", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004f38", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "53913", + "udp.port": "53", + "udp.port": "53913", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "288" + }, + "dns": { + "dns.response_to": "24682", + "dns.time": "0.007448000", + "dns.id": "0x000004c0", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "143", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "11358", + "dns.resp.len": "22", + "dns.cname": 
"e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "374", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "901", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5442", + "dns.resp.len": "4", + "dns.a": "173.223.52.131" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "215", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n3b.akamaiedge.net: type A, class IN, addr 165.254.134.239": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "280", + "dns.resp.len": "4", + "dns.a": "165.254.134.239" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4688", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "5243", + "dns.resp.len": "4", + "dns.a": "96.17.70.191" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "823", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2928", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:12:04.696340000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508483524.696340000", + "frame.time_delta": "0.145443000", + "frame.time_delta_displayed": "251.973460000", + "frame.time_relative": "25812.291136000", + "frame.number": "24953", + "frame.len": "83", + "frame.cap_len": "83", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "69", + "ip.id": "0x0000a209", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000016ad", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49770", + "udp.dstport": "53", + "udp.port": "49770", + "udp.port": "53", + "udp.length": "49", + "udp.checksum": "0x0000cac1", + "udp.checksum.status": "2", + "udp.stream": "293" + }, + "dns": { + "dns.response_in": "24954", + "dns.id": "0x00000043", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "diagnostics.meethue.com: type A, class IN": { + "dns.qry.name": "diagnostics.meethue.com", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:12:04.767719000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508483524.767719000", + "frame.time_delta": "0.071379000", + "frame.time_delta_displayed": "0.071379000", + "frame.time_relative": "25812.362515000", + "frame.number": "24954", + "frame.len": "297", + "frame.cap_len": "297", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + 
"frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "283", + "ip.id": "0x00008814", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002fcc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49770", + "udp.port": "53", + "udp.port": "49770", + "udp.length": "263", + "udp.checksum": "0x0000830a", + "udp.checksum.status": "2", + "udp.stream": "293" + }, + "dns": { + "dns.response_to": "24953", + "dns.time": "0.071379000", + "dns.id": "0x00000043", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + 
"dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "diagnostics.meethue.com: type A, class IN": { + "dns.qry.name": "diagnostics.meethue.com", + "dns.qry.name.len": "23", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "diagnostics.meethue.com: type A, class IN, addr 130.211.67.12": { + "dns.resp.name": "diagnostics.meethue.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "300", + "dns.resp.len": "4", + "dns.a": "130.211.67.12" + } + }, + "Authoritative nameservers": { + "meethue.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "meethue.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1704", + "dns.resp.len": "18", + "dns.ns": "ns3.ext.philips.com" + }, + "meethue.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "meethue.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1704", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + }, + "meethue.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "meethue.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1704", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "131086", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "155804", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "155804", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "134705", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "127278", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "127278", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:22:52.727669000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484172.727669000", + "frame.time_delta": "3.871548000", + "frame.time_delta_displayed": "647.959950000", + "frame.time_relative": "26460.322465000", + "frame.number": "25506", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x000042c9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000075f4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "55301", + "udp.dstport": "53", + "udp.port": "55301", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x000080f1", + "udp.checksum.status": "2", + "udp.stream": "295" + }, + "dns": { + "dns.response_in": "25507", + "dns.id": "0x000004c1", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:22:52.765073000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484172.765073000", + 
"frame.time_delta": "0.037404000", + "frame.time_delta_displayed": "0.037404000", + "frame.time_relative": "26460.359869000", + "frame.number": "25507", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00000318", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b3f0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "55301", + "udp.port": "53", + "udp.port": "55301", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "295" + }, + "dns": { + "dns.response_to": "25506", + "dns.time": "0.037404000", + "dns.id": "0x000004c1", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + 
"dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "119", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "8817", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": 
"n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3390", + "dns.resp.len": "6", + "dns.ns": 
"n2b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1709", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "417", + "dns.resp.len": "4", + "dns.a": "23.67.56.215" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "920", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1112", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.202": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "12", + "dns.resp.len": "4", + "dns.a": "198.172.88.202" + }, + "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.70": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1761", + "dns.resp.len": "4", + "dns.a": "173.223.52.70" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1569", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.246": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1623", + "dns.resp.len": "4", + "dns.a": 
"165.254.134.246" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1390", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.301033000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.301033000", + "frame.time_delta": "0.159453000", + "frame.time_delta_displayed": "630.535960000", + "frame.time_relative": "27090.895829000", + "frame.number": "26095", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000aa78", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e42", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": 
"192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60609", + "udp.dstport": "53", + "udp.port": "60609", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000d3b9", + "udp.checksum.status": "2", + "udp.stream": "299" + }, + "dns": { + "dns.response_in": "26096", + "dns.id": "0x000004c2", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.303089000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.303089000", + "frame.time_delta": "0.002056000", + "frame.time_delta_displayed": "0.002056000", + "frame.time_relative": "27090.897885000", + "frame.number": "26096", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + 
"eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x0000a9d2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000eae", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "60609", + "udp.port": "53", + "udp.port": "60609", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "299" + }, + "dns": { + "dns.response_to": "26095", + "dns.time": "0.002056000", + "dns.id": "0x000004c2", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + 
"cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3219", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.303940000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.303940000", + "frame.time_delta": "0.000851000", + "frame.time_delta_displayed": "0.000851000", + "frame.time_relative": "27090.898736000", + "frame.number": "26097", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000aa79", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e41", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "45112", + "udp.dstport": "53", + "udp.port": "45112", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002b42", + "udp.checksum.status": "2", + "udp.stream": "300" + }, + "dns": { + "dns.response_in": "26098", + "dns.id": "0x000004c3", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.305709000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.305709000", + "frame.time_delta": "0.001769000", + "frame.time_delta_displayed": "0.001769000", + "frame.time_relative": "27090.900505000", + "frame.number": "26098", + "frame.len": "269", + "frame.cap_len": "269", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "255", + "ip.id": "0x0000a9d3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e29", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "45112", + "udp.port": "53", + "udp.port": "45112", + "udp.length": "235", + "udp.checksum": "0x000082ee", + "udp.checksum.status": "2", + "udp.stream": "300" + }, + "dns": { + "dns.response_to": "26097", + "dns.time": "0.001769000", + "dns.id": "0x000004c3", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "5", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + 
"dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3219", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "689", + "dns.resp.len": "10", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "689", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "689", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + } + }, + "Additional records": { + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "149973", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "149973", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "168228", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, 
+ "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "39950", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "39950", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.726935000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.726935000", + "frame.time_delta": "0.001538000", + "frame.time_delta_displayed": "0.421226000", + "frame.time_relative": "27091.321731000", + "frame.number": "26114", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000aaa1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", 
+ "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e19", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "47836", + "udp.dstport": "53", + "udp.port": "47836", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000059d", + "udp.checksum.status": "2", + "udp.stream": "301" + }, + "dns": { + "dns.response_in": "26115", + "dns.id": "0x000004c4", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.727513000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.727513000", + "frame.time_delta": "0.000578000", + "frame.time_delta_displayed": "0.000578000", + "frame.time_relative": "27091.322309000", + "frame.number": "26115", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": 
"udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000a9f1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000ec9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "47836", + "udp.port": "53", + "udp.port": "47836", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "301" + }, + "dns": { + "dns.response_to": "26114", + "dns.time": "0.000578000", + "dns.id": "0x000004c4", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.728355000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.728355000", + "frame.time_delta": "0.000842000", + "frame.time_delta_displayed": "0.000842000", + "frame.time_relative": "27091.323151000", + "frame.number": "26116", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000aaa2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000e18", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", 
+ "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "59436", + "udp.dstport": "53", + "udp.port": "59436", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f34b", + "udp.checksum.status": "2", + "udp.stream": "302" + }, + "dns": { + "dns.response_in": "26117", + "dns.id": "0x000004c5", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:33:23.728777000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508484803.728777000", + "frame.time_delta": "0.000422000", + "frame.time_delta_displayed": "0.000422000", + "frame.time_relative": "27091.323573000", + "frame.number": "26117", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000a9f2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000eb8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "59436", + "udp.port": "53", + "udp.port": "59436", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "302" + }, + "dns": { + "dns.response_to": "26116", + "dns.time": "0.000422000", + "dns.id": "0x000004c5", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + 
"dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3219", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:37:52.772955000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508485072.772955000", + "frame.time_delta": "1.222355000", + "frame.time_delta_displayed": "269.044178000", + "frame.time_relative": "27360.367751000", + "frame.number": "26369", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000ce92", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ea2a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + 
"ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "45574", + "udp.dstport": "53", + "udp.port": "45574", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000a6eb", + "udp.checksum.status": "2", + "udp.stream": "304" + }, + "dns": { + "dns.response_in": "26370", + "dns.id": "0x000004c6", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:37:52.788820000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508485072.788820000", + "frame.time_delta": "0.015865000", + "frame.time_delta_displayed": "0.015865000", + "frame.time_relative": "27360.383616000", + "frame.number": "26370", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000cb7f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000eb88", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "45574", + "udp.port": "53", + "udp.port": "45574", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "304" + }, + "dns": { + "dns.response_to": "26369", + "dns.time": "0.015865000", + "dns.id": "0x000004c6", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": 
"5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9558", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": 
"n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2574", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3102", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3642", + "dns.resp.len": "4", + "dns.a": "173.223.52.131" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6416", + 
"dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.176": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2481", + "dns.resp.len": "4", + "dns.a": "96.17.70.176" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2888", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3443", + "dns.resp.len": "4", + "dns.a": "96.17.70.191" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3024", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1128", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4574", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:52:52.797929000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508485972.797929000", + "frame.time_delta": "1.729711000", + "frame.time_delta_displayed": "900.009109000", + "frame.time_relative": "28260.392725000", + "frame.number": "27288", + 
"frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000fdad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bb0f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "57726", + "udp.dstport": "53", + "udp.port": "57726", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00007772", + "udp.checksum.status": "2", + "udp.stream": "311" + }, + "dns": { + "dns.response_in": "27289", + "dns.id": "0x000004c7", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 00:52:52.808637000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508485972.808637000", + "frame.time_delta": "0.010708000", + "frame.time_delta_displayed": "0.010708000", + "frame.time_relative": "28260.403433000", + "frame.number": "27289", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000efa6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c761", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": 
"192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "57726", + "udp.port": "53", + "udp.port": "57726", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "311" + }, + "dns": { + "dns.response_to": "27288", + "dns.time": "0.010708000", + "dns.id": "0x000004c7", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "8658", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", 
+ "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1674", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2202", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2742", + "dns.resp.len": "4", + "dns.a": "173.223.52.131" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5516", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.176": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1581", + "dns.resp.len": "4", + "dns.a": "96.17.70.176" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1988", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "2543", + "dns.resp.len": "4", + "dns.a": "96.17.70.191" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2124", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "228", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3674", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:07:52.814329000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508486872.814329000", + "frame.time_delta": "5.472047000", + "frame.time_delta_displayed": "900.005692000", + "frame.time_relative": "29160.409125000", + "frame.number": "28061", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000614d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005770", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "39493", + "udp.dstport": "53", + "udp.port": "39493", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000beaa", + "udp.checksum.status": "2", + "udp.stream": "315" + }, + "dns": { + "dns.response_in": "28062", + "dns.id": "0x000004c8", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:07:52.835978000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508486872.835978000", + "frame.time_delta": "0.021649000", + "frame.time_delta_displayed": "0.021649000", + 
"frame.time_relative": "29160.430774000", + "frame.number": "28062", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00000e9b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a86d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "39493", + "udp.port": "53", + "udp.port": "39493", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "315" + }, + "dns": { + "dns.response_to": "28061", + "dns.time": "0.021649000", + "dns.id": "0x000004c8", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", 
+ "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "119", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6117", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + 
"dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "690", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 
88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3011", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5718", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.155": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6226", + "dns.resp.len": "4", + "dns.a": "204.2.166.155" + }, + "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.207": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2421", + "dns.resp.len": "4", + "dns.a": "23.67.56.207" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.174": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3318", + "dns.resp.len": "4", + "dns.a": "96.17.70.174" + }, + "n5b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7067", + "dns.resp.len": "4", + "dns.a": "23.67.56.215" + }, + "n6b.akamaiedge.net: type A, class IN, addr 23.67.56.213": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2874", + "dns.resp.len": "4", + "dns.a": "23.67.56.213" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.155": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4925", + "dns.resp.len": "4", + "dns.a": "204.2.166.155" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": 
"a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4702", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:22:52.843589000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508487772.843589000", + "frame.time_delta": "0.601966000", + "frame.time_delta_displayed": "900.007611000", + "frame.time_relative": "30060.438385000", + "frame.number": "28868", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00008683", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000323a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": 
"192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "60232", + "udp.dstport": "53", + "udp.port": "60232", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00006da6", + "udp.checksum.status": "2", + "udp.stream": "322" + }, + "dns": { + "dns.response_in": "28869", + "dns.id": "0x000004c9", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:22:52.850618000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508487772.850618000", + "frame.time_delta": "0.007029000", + "frame.time_delta_displayed": "0.007029000", + "frame.time_relative": "30060.445414000", + "frame.number": "28869", + "frame.len": "467", + "frame.cap_len": "467", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "453", + "ip.id": "0x000032d6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008460", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "60232", + "udp.port": "53", + "udp.port": "60232", + "udp.length": "433", + "udp.checksum": "0x000083b4", + "udp.checksum.status": "2", + "udp.stream": "322" + }, + "dns": { + "dns.response_to": "28868", + "dns.time": "0.007029000", + "dns.id": "0x000004c9", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "8", + "dns.count.add_rr": "8", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": 
"5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6858", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + 
}, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "874", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "402", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "942", + "dns.resp.len": "4", + "dns.a": "173.223.52.131" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3716", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3782", + "dns.resp.len": "4", + "dns.a": "23.67.56.213" + 
}, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "188", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n5b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "743", + "dns.resp.len": "4", + "dns.a": "96.17.70.191" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "324", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4429", + "dns.resp.len": "4", + "dns.a": "165.254.134.243" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:21.755985000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488401.755985000", + "frame.time_delta": "1.940613000", + "frame.time_delta_displayed": "628.905367000", + "frame.time_relative": "30689.350781000", + "frame.number": "29396", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00009aad", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001e0d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "43519", + "udp.dstport": "53", + "udp.port": "43519", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00001674", + "udp.checksum.status": "2", + "udp.stream": "327" + }, + "dns": { + "dns.response_in": "29397", + "dns.id": "0x000004ca", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:21.757930000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1508488401.757930000", + "frame.time_delta": "0.001945000", + "frame.time_delta_displayed": "0.001945000", + "frame.time_relative": "30689.352726000", + "frame.number": "29397", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x0000a15f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001721", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "43519", + "udp.port": "53", + "udp.port": "43519", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "327" + }, + "dns": { + "dns.response_to": "29396", + "dns.time": "0.001945000", + "dns.id": "0x000004ca", + "dns.flags": "0x00008180", + 
"dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3221", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:21.758751000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488401.758751000", + "frame.time_delta": "0.000821000", + "frame.time_delta_displayed": "0.000821000", + "frame.time_relative": "30689.353547000", + "frame.number": "29398", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00009aae", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001e0c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "34772", + "udp.dstport": "53", + "udp.port": "34772", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000539e", + "udp.checksum.status": "2", + "udp.stream": "328" + }, + "dns": { + "dns.response_in": "29399", + "dns.id": "0x000004cb", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", 
+ "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:21.760366000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488401.760366000", + "frame.time_delta": "0.001615000", + "frame.time_delta_displayed": "0.001615000", + "frame.time_relative": "30689.355162000", + "frame.number": "29399", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x0000a160", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000168c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "34772", + "udp.port": "53", + "udp.port": "34772", + "udp.length": "251", + "udp.checksum": 
"0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "328" + }, + "dns": { + "dns.response_to": "29398", + "dns.time": "0.001615000", + "dns.id": "0x000004cb", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3221", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1322", + "dns.resp.len": "10", + "dns.ns": "ns2.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1322", + "dns.resp.len": "6", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1322", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + 
"dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "442", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "146375", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "146375", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "164630", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "36352", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "36352", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:22.179535000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488402.179535000", + "frame.time_delta": "0.001270000", + "frame.time_delta_displayed": "0.419169000", + "frame.time_relative": "30689.774331000", + "frame.number": "29415", + "frame.len": 
"79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00009ac2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001df8", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "32927", + "udp.dstport": "53", + "udp.port": "32927", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003fd2", + "udp.checksum.status": "2", + "udp.stream": "329" + }, + "dns": { + "dns.response_in": "29416", + "dns.id": "0x000004cc", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + 
"dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:22.180074000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488402.180074000", + "frame.time_delta": "0.000539000", + "frame.time_delta_displayed": "0.000539000", + "frame.time_relative": "30689.774870000", + "frame.number": "29416", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000a17c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000173e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + 
"ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "32927", + "udp.port": "53", + "udp.port": "32927", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "329" + }, + "dns": { + "dns.response_to": "29415", + "dns.time": "0.000539000", + "dns.id": "0x000004cc", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:22.181272000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488402.181272000", + "frame.time_delta": "0.001198000", + "frame.time_delta_displayed": "0.001198000", + "frame.time_relative": "30689.776068000", + "frame.number": "29417", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00009ac3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001df7", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "50502", + "udp.dstport": "53", + "udp.port": "50502", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000162a", + "udp.checksum.status": "2", + "udp.stream": "330" + }, + "dns": { + "dns.response_in": "29418", + "dns.id": "0x000004cd", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", 
+ "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:33:22.181706000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488402.181706000", + "frame.time_delta": "0.000434000", + "frame.time_delta_displayed": "0.000434000", + "frame.time_relative": "30689.776502000", + "frame.number": "29418", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000a17d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000172d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "50502", + "udp.port": "53", + "udp.port": "50502", + "udp.length": "61", + "udp.checksum": 
"0x00008240", + "udp.checksum.status": "2", + "udp.stream": "330" + }, + "dns": { + "dns.response_to": "29417", + "dns.time": "0.000434000", + "dns.id": "0x000004cd", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:37:52.855829000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488672.855829000", + "frame.time_delta": "3.621068000", + "frame.time_delta_displayed": "270.674123000", + "frame.time_relative": "30960.450625000", + "frame.number": "29698", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000af13", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000009aa", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "51191", + "udp.dstport": "53", + "udp.port": "51191", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x000090f2", + "udp.checksum.status": "2", + "udp.stream": "331" + }, + "dns": { + "dns.response_in": "29699", + "dns.id": "0x000004ce", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:37:52.862182000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508488672.862182000", + "frame.time_delta": "0.006353000", + "frame.time_delta_displayed": "0.006353000", + "frame.time_relative": "30960.456978000", + "frame.number": "29699", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000ff8b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b77c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "51191", + "udp.port": "53", + "udp.port": "51191", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "331" + }, + "dns": { + 
"dns.response_to": "29698", + "dns.time": "0.006353000", + "dns.id": "0x000004ce", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5958", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + 
"dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + 
"dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3974", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3503", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "42", + "dns.resp.len": "4", + "dns.a": "173.223.52.131" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2816", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2882", + "dns.resp.len": "4", + "dns.a": "23.67.56.213" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5291", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7844", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3426", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": { + "dns.resp.name": 
"n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3529", + "dns.resp.len": "4", + "dns.a": "165.254.134.243" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "974", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:52:52.869701000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508489572.869701000", + "frame.time_delta": "1.064777000", + "frame.time_delta_displayed": "900.007519000", + "frame.time_relative": "31860.464497000", + "frame.number": "30491", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000c558", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": 
"0x0000f364", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "43504", + "udp.dstport": "53", + "udp.port": "43504", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000aef8", + "udp.checksum.status": "2", + "udp.stream": "337" + }, + "dns": { + "dns.response_in": "30492", + "dns.id": "0x000004cf", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 01:52:52.875803000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508489572.875803000", + "frame.time_delta": "0.006102000", + "frame.time_delta_displayed": "0.006102000", + "frame.time_relative": "31860.470599000", + "frame.number": "30492", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": 
"00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00004e2b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000068dd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "43504", + "udp.port": "53", + "udp.port": "43504", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "337" + }, + "dns": { + "dns.response_to": "30491", + "dns.time": "0.006102000", + "dns.id": "0x000004cf", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + 
"dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5058", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": 
"n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3074", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2603", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7144", + 
"dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1916", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1982", + "dns.resp.len": "4", + "dns.a": "23.67.56.213" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4391", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6944", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2526", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2629", + "dns.resp.len": "4", + "dns.a": "165.254.134.243" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "74", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:07:52.881831000 
PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508490472.881831000", + "frame.time_delta": "1.602333000", + "frame.time_delta_displayed": "900.006028000", + "frame.time_relative": "32760.476627000", + "frame.number": "31269", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000ce88", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ea34", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "38554", + "udp.dstport": "53", + "udp.port": "38554", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000c24d", + "udp.checksum.status": "2", + "udp.stream": "343" + }, + "dns": { + "dns.response_in": "31270", + "dns.id": "0x000004d0", + "dns.flags": 
"0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:07:52.891762000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508490472.891762000", + "frame.time_delta": "0.009931000", + "frame.time_delta_displayed": "0.009931000", + "frame.time_relative": "32760.486558000", + "frame.number": "31270", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00000e5c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + 
"ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a8ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "38554", + "udp.port": "53", + "udp.port": "38554", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "343" + }, + "dns": { + "dns.response_to": "31269", + "dns.time": "0.009931000", + "dns.id": "0x000004d0", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": 
"4158", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2174", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1703", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6244", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.16.94": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1016", + "dns.resp.len": "4", + "dns.a": "165.254.16.94" + }, + "n3b.akamaiedge.net: type A, class IN, addr 23.67.56.213": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1082", + "dns.resp.len": "4", + "dns.a": "23.67.56.213" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": 
"1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3491", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6044", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.177": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1626", + "dns.resp.len": "4", + "dns.a": "96.17.70.177" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.134.243": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1729", + "dns.resp.len": "4", + "dns.a": "165.254.134.243" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5177", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:22:52.901114000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508491372.901114000", + "frame.time_delta": "1.849865000", + "frame.time_delta_displayed": "900.009352000", + "frame.time_relative": "33660.495910000", + "frame.number": "32056", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + 
"eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00004594", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007329", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33202", + "udp.dstport": "53", + "udp.port": "33202", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d734", + "udp.checksum.status": "2", + "udp.stream": "348" + }, + "dns": { + "dns.response_in": "32057", + "dns.id": "0x000004d1", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + 
"frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:22:52.972380000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508491372.972380000", + "frame.time_delta": "0.071266000", + "frame.time_delta_displayed": "0.071266000", + "frame.time_relative": "33660.567176000", + "frame.number": "32057", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00002997", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008d71", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33202", + "udp.port": "53", + "udp.port": "33202", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "348" + }, + 
"dns": { + "dns.response_to": "32056", + "dns.time": "0.071266000", + "dns.id": "0x000004d1", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "120", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1617", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns 
n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns 
a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1191", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2514", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1218", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.2.166.155": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1726", + "dns.resp.len": "4", + "dns.a": "204.2.166.155" + }, + "n3b.akamaiedge.net: type A, class IN, addr 204.2.166.155": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1922", + "dns.resp.len": "4", + "dns.a": "204.2.166.155" + }, + "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.151": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4820", + "dns.resp.len": "4", + "dns.a": "204.2.166.151" + }, + "n5b.akamaiedge.net: type A, class IN, addr 23.67.56.215": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2567", + "dns.resp.len": "4", + "dns.a": "23.67.56.215" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.151": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2380", + "dns.resp.len": "4", + "dns.a": "204.2.166.151" + }, + "n7b.akamaiedge.net: type A, class IN, addr 
204.2.166.155": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "425", + "dns.resp.len": "4", + "dns.a": "204.2.166.155" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "202", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.349285000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492002.349285000", + "frame.time_delta": "0.837648000", + "frame.time_delta_displayed": "629.376905000", + "frame.time_relative": "34289.944081000", + "frame.number": "32626", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000f99e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": 
"17", + "ip.checksum": "0x0000bf1b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "52881", + "udp.dstport": "53", + "udp.port": "52881", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f1d9", + "udp.checksum.status": "2", + "udp.stream": "352" + }, + "dns": { + "dns.response_in": "32627", + "dns.id": "0x000004d2", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.351230000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492002.351230000", + "frame.time_delta": "0.001945000", + "frame.time_delta_displayed": "0.001945000", + "frame.time_relative": "34289.946026000", + "frame.number": "32627", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x0000ba2d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000fe52", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "52881", + "udp.port": "53", + "udp.port": "52881", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "352" + }, + "dns": { + "dns.response_to": "32626", + "dns.time": "0.001945000", + "dns.id": "0x000004d2", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": 
"dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.352051000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492002.352051000", + "frame.time_delta": "0.000821000", + "frame.time_delta_displayed": "0.000821000", + "frame.time_relative": "34289.946847000", + "frame.number": "32628", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", 
+ "ip.id": "0x0000f99f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bf1a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "43337", + "udp.dstport": "53", + "udp.port": "43337", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003221", + "udp.checksum.status": "2", + "udp.stream": "353" + }, + "dns": { + "dns.response_in": "32629", + "dns.id": "0x000004d3", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.392543000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492002.392543000", + "frame.time_delta": "0.040492000", + "frame.time_delta_displayed": "0.040492000", + "frame.time_relative": "34289.987339000", + "frame.number": "32629", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x0000ba30", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000fdbb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "43337", + "udp.port": "53", + "udp.port": "43337", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "353" + }, + "dns": { + "dns.response_to": "32628", + "dns.time": "0.040492000", + "dns.id": "0x000004d3", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + 
"dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1411", + "dns.resp.len": "10", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1411", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1411", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "171851", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142774", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + 
"dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "142774", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "161029", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "32751", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "32751", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.810223000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492002.810223000", + "frame.time_delta": "0.001028000", + "frame.time_delta_displayed": "0.417680000", + "frame.time_relative": "34290.405019000", + "frame.number": "32645", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + 
"eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000f9af", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bf0a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54367", + "udp.dstport": "53", + "udp.port": "54367", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000ec09", + "udp.checksum.status": "2", + "udp.stream": "354" + }, + "dns": { + "dns.response_in": "32646", + "dns.id": "0x000004d4", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.810817000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1508492002.810817000", + "frame.time_delta": "0.000594000", + "frame.time_delta_displayed": "0.000594000", + "frame.time_relative": "34290.405613000", + "frame.number": "32646", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000ba35", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000fe84", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "54367", + "udp.port": "53", + "udp.port": "54367", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "354" + }, + "dns": { + "dns.response_to": "32645", + "dns.time": "0.000594000", + "dns.id": "0x000004d4", + "dns.flags": 
"0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.811626000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492002.811626000", + "frame.time_delta": "0.000809000", + "frame.time_delta_displayed": "0.000809000", + "frame.time_relative": "34290.406422000", + "frame.number": "32647", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": 
"65", + "ip.id": "0x0000f9b0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bf09", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "39432", + "udp.dstport": "53", + "udp.port": "39432", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00004160", + "udp.checksum.status": "2", + "udp.stream": "355" + }, + "dns": { + "dns.response_in": "32648", + "dns.id": "0x000004d5", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:33:22.812191000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492002.812191000", + "frame.time_delta": "0.000565000", + "frame.time_delta_displayed": "0.000565000", + "frame.time_relative": "34290.406987000", + "frame.number": "32648", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000ba36", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000fe73", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "39432", + "udp.port": "53", + "udp.port": "39432", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "355" + }, + "dns": { + "dns.response_to": "32647", + "dns.time": "0.000565000", + "dns.id": "0x000004d5", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + 
"dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3220", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:37:53.011030000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492273.011030000", + "frame.time_delta": "0.622307000", + "frame.time_delta_displayed": "270.198839000", + "frame.time_relative": "34560.605826000", + "frame.number": "32884", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000400c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + 
"ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000078b1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "44772", + "udp.dstport": "53", + "udp.port": "44772", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000a9fd", + "udp.checksum.status": "2", + "udp.stream": "356" + }, + "dns": { + "dns.response_in": "32885", + "dns.id": "0x000004d6", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:37:53.016866000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508492273.016866000", + "frame.time_delta": "0.005836000", + "frame.time_delta_displayed": "0.005836000", + "frame.time_relative": "34560.611662000", + "frame.number": "32885", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + 
"frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000c41b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f2ec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44772", + "udp.port": "53", + "udp.port": "44772", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "356" + }, + "dns": { + "dns.response_to": "32884", + "dns.time": "0.005836000", + "dns.id": "0x000004d6", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + 
"dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "143", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2357", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns 
n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "373", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3904", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: 
type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4443", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7217", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3284", + "dns.resp.len": "4", + "dns.a": "96.17.70.174" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1690", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4243", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3827", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5929", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3376", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": 
"packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:52:53.027071000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508493173.027071000", + "frame.time_delta": "3.719993000", + "frame.time_delta_displayed": "900.010205000", + "frame.time_relative": "35460.621867000", + "frame.number": "33758", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x000044d0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000073ed", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54661", + "udp.dstport": "53", + "udp.port": "54661", + "udp.port": "53", + "udp.length": 
"42", + "udp.checksum": "0x0000835b", + "udp.checksum.status": "2", + "udp.stream": "360" + }, + "dns": { + "dns.response_in": "33759", + "dns.id": "0x000004d7", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 02:52:53.101742000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508493173.101742000", + "frame.time_delta": "0.074671000", + "frame.time_delta_displayed": "0.074671000", + "frame.time_relative": "35460.696538000", + "frame.number": "33759", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": 
"0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000f93b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bdcc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "54661", + "udp.port": "53", + "udp.port": "54661", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "360" + }, + "dns": { + "dns.response_to": "33758", + "dns.time": "0.074671000", + "dns.id": "0x000004d7", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "300", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, 
cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1457", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": 
"6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3473", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3004", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3543", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6317", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2384", + 
"dns.resp.len": "4", + "dns.a": "96.17.70.174" + }, + "n4b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "790", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3343", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2927", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5029", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2476", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:07:53.107570000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508494073.107570000", + "frame.time_delta": "7.786097000", + "frame.time_delta_displayed": "900.005828000", + "frame.time_relative": "36360.702366000", + "frame.number": "34517", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000f210", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c6ac", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49914", + "udp.dstport": "53", + "udp.port": "49914", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x000095e5", + "udp.checksum.status": "2", + "udp.stream": "368" + }, + "dns": { + "dns.response_in": "34518", + "dns.id": "0x000004d8", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": 
"1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:07:53.114086000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508494073.114086000", + "frame.time_delta": "0.006516000", + "frame.time_delta_displayed": "0.006516000", + "frame.time_relative": "36360.708882000", + "frame.number": "34518", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000cccb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ea3c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + 
"udp.dstport": "49914", + "udp.port": "53", + "udp.port": "49914", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "368" + }, + "dns": { + "dns.response_to": "34517", + "dns.time": "0.006516000", + "dns.id": "0x000004d8", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "143", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "557", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + 
"dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2573", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2104", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2643", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5417", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1484", + "dns.resp.len": "4", + "dns.a": "96.17.70.174" + }, + "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5891", + "dns.resp.len": "4", + "dns.a": "209.18.46.225" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2443", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n6b.akamaiedge.net", + 
"dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2027", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4129", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1576", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:22:53.123990000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508494973.123990000", + "frame.time_delta": "1.660357000", + "frame.time_delta_displayed": "900.009904000", + "frame.time_relative": "37260.718786000", + "frame.number": "35283", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": 
"0x000001f8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b6c5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "44922", + "udp.dstport": "53", + "udp.port": "44922", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000a964", + "udp.checksum.status": "2", + "udp.stream": "372" + }, + "dns": { + "dns.response_in": "35284", + "dns.id": "0x000004d9", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:22:53.134103000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508494973.134103000", + "frame.time_delta": "0.010113000", + "frame.time_delta_displayed": "0.010113000", + "frame.time_relative": "37260.728899000", + "frame.number": "35284", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": 
"eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x000006d5", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b033", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44922", + "udp.port": "53", + "udp.port": "44922", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "372" + }, + "dns": { + "dns.response_to": "35283", + "dns.time": "0.010113000", + "dns.id": "0x000004d9", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + 
"dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "21444", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + 
"b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1673", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1204", + "dns.resp.len": "4", + 
"dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1743", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4517", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.174": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "584", + "dns.resp.len": "4", + "dns.a": "96.17.70.174" + }, + "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4991", + "dns.resp.len": "4", + "dns.a": "209.18.46.225" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1543", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1127", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3229", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "676", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + 
} + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:33:22.916241000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508495602.916241000", + "frame.time_delta": "3.559096000", + "frame.time_delta_displayed": "629.782138000", + "frame.time_relative": "37890.511037000", + "frame.number": "35811", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007ba1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003d19", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49663", + "udp.dstport": "53", + "udp.port": "49663", + 
"udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000fe63", + "udp.checksum.status": "2", + "udp.stream": "376" + }, + "dns": { + "dns.response_in": "35812", + "dns.id": "0x000004da", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:33:22.918183000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508495602.918183000", + "frame.time_delta": "0.001942000", + "frame.time_delta_displayed": "0.001942000", + "frame.time_relative": "37890.512979000", + "frame.number": "35812", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + 
"ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x0000d276", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000e609", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49663", + "udp.port": "53", + "udp.port": "49663", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "376" + }, + "dns": { + "dns.response_to": "35811", + "dns.time": "0.001942000", + "dns.id": "0x000004da", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1787", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": 
"ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:33:22.920557000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508495602.920557000", + "frame.time_delta": "0.002374000", + "frame.time_delta_displayed": "0.002374000", + "frame.time_relative": "37890.515353000", + "frame.number": "35813", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007ba2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003d18", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + 
"ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33688", + "udp.dstport": "53", + "udp.port": "33688", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x000057ca", + "udp.checksum.status": "2", + "udp.stream": "377" + }, + "dns": { + "dns.response_in": "35814", + "dns.id": "0x000004db", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:33:22.922284000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508495602.922284000", + "frame.time_delta": "0.001727000", + "frame.time_delta_displayed": "0.001727000", + "frame.time_relative": "37890.517080000", + "frame.number": "35814", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x0000d277", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000e574", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33688", + "udp.port": "53", + "udp.port": "33688", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "377" + }, + "dns": { + "dns.response_to": "35813", + "dns.time": "0.001727000", + "dns.id": "0x000004db", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": 
"dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2989", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1787", + "dns.resp.len": "10", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1787", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1787", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "119008", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "143726", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "143726", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "122627", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + 
"ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "115200", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "115200", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:33:23.341511000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508495603.341511000", + "frame.time_delta": "0.001324000", + "frame.time_delta_displayed": "0.419227000", + "frame.time_relative": "37890.936307000", + "frame.number": "35830", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007bba", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", 
+ "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003d00", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "36096", + "udp.dstport": "53", + "udp.port": "36096", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003361", + "udp.checksum.status": "2", + "udp.stream": "378" + }, + "dns": { + "dns.response_in": "35831", + "dns.id": "0x000004dc", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:33:23.341806000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508495603.341806000", + "frame.time_delta": "0.000295000", + "frame.time_delta_displayed": "0.000295000", + "frame.time_relative": "37890.936602000", + "frame.number": "35831", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": 
"udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000d284", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000e635", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "36096", + "udp.port": "53", + "udp.port": "36096", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "378" + }, + "dns": { + "dns.response_to": "35830", + "dns.time": "0.000295000", + "dns.id": "0x000004dc", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + 
"dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:33:23.342577000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508495603.342577000", + "frame.time_delta": "0.000771000", + "frame.time_delta_displayed": "0.000771000", + "frame.time_relative": "37890.937373000", + "frame.number": "35832", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00007bbb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00003cff", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", 
+ "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49358", + "udp.dstport": "53", + "udp.port": "49358", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00001a92", + "udp.checksum.status": "2", + "udp.stream": "379" + }, + "dns": { + "dns.response_in": "35833", + "dns.id": "0x000004dd", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:33:23.342908000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508495603.342908000", + "frame.time_delta": "0.000331000", + "frame.time_delta_displayed": "0.000331000", + "frame.time_relative": "37890.937704000", + "frame.number": "35833", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x0000d285", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000e624", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49358", + "udp.port": "53", + "udp.port": "49358", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "379" + }, + "dns": { + "dns.response_to": "35832", + "dns.time": "0.000331000", + "dns.id": "0x000004dd", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + 
"dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2988", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:37:53.142390000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508495873.142390000", + "frame.time_delta": "3.770169000", + "frame.time_delta_displayed": "269.799482000", + "frame.time_relative": "38160.737186000", + "frame.number": "36053", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000d08e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000e82e", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + 
"ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "36775", + "udp.dstport": "53", + "udp.port": "36775", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000c932", + "udp.checksum.status": "2", + "udp.stream": "380" + }, + "dns": { + "dns.response_in": "36054", + "dns.id": "0x000004de", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:37:53.148990000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508495873.148990000", + "frame.time_delta": "0.006600000", + "frame.time_delta_displayed": "0.006600000", + "frame.time_relative": "38160.743786000", + "frame.number": "36054", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": 
"Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000fff7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b710", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "36775", + "udp.port": "53", + "udp.port": "36775", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "380" + }, + "dns": { + "dns.response_to": "36053", + "dns.time": "0.006600000", + "dns.id": "0x000004de", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": 
"5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20544", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "773", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "773", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "773", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "773", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" 
+ }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "773", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "773", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "773", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "773", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "773", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "304", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "843", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3617", + "dns.resp.len": "4", + "dns.a": 
"96.17.70.175" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3691", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4091", + "dns.resp.len": "4", + "dns.a": "209.18.46.225" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "643", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.154": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "227", + "dns.resp.len": "4", + "dns.a": "204.2.166.154" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2329", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5779", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:52:53.157944000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508496773.157944000", + "frame.time_delta": "0.549528000", + "frame.time_delta_displayed": "900.008954000", + "frame.time_relative": "39060.752740000", + "frame.number": "36810", + "frame.len": "76", + 
"frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000fe35", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ba87", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "58619", + "udp.dstport": "53", + "udp.port": "58619", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x000073dd", + "udp.checksum.status": "2", + "udp.stream": "384" + }, + "dns": { + "dns.response_in": "36811", + "dns.id": "0x000004df", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + 
"dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 03:52:53.164664000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508496773.164664000", + "frame.time_delta": "0.006720000", + "frame.time_delta_displayed": "0.006720000", + "frame.time_relative": "39060.759460000", + "frame.number": "36811", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00004af7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006c11", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "58619", + "udp.port": "53", + "udp.port": "58619", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "384" + }, + "dns": { + "dns.response_to": "36810", + "dns.time": "0.006720000", + "dns.id": "0x000004df", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "144", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "19644", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + 
"dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3873", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3873", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3873", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3873", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3873", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3873", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "3873", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3873", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3873", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3407", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7948", + "dns.resp.len": "4", + "dns.a": "96.17.70.173" + }, + "n2b.akamaiedge.net: type A, class IN, addr 96.17.70.175": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2717", + "dns.resp.len": "4", + "dns.a": "96.17.70.175" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2791", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3191", + "dns.resp.len": "4", + "dns.a": "209.18.46.225" + }, + "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.218": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "7745", + "dns.resp.len": "4", + "dns.a": "209.18.46.218" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3330", + "dns.resp.len": "4", + "dns.a": "173.223.52.131" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1429", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4879", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 04:07:53.171491000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508497673.171491000", + "frame.time_delta": "3.380707000", + "frame.time_delta_displayed": "900.006827000", + "frame.time_relative": "39960.766287000", + "frame.number": "37558", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": 
"0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00001426", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a497", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "46109", + "udp.dstport": "53", + "udp.port": "46109", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000a4ba", + "udp.checksum.status": "2", + "udp.stream": "388" + }, + "dns": { + "dns.response_in": "37559", + "dns.id": "0x000004e0", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 04:07:53.178025000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508497673.178025000", + "frame.time_delta": "0.006534000", + "frame.time_delta_displayed": "0.006534000", + 
"frame.time_relative": "39960.772821000", + "frame.number": "37559", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000d1c0", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000e547", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "46109", + "udp.port": "53", + "udp.port": "46109", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "388" + }, + "dns": { + "dns.response_to": "37558", + "dns.time": "0.006534000", + "dns.id": "0x000004e0", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", 
+ "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "121", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "16919", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2890", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + 
"dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2890", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2890", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2890", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2890", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2890", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2890", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2890", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2890", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class 
IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "220", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2919", + "dns.resp.len": "4", + "dns.a": "173.197.192.233" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3429", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3625", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4526", + "dns.resp.len": "4", + "dns.a": "209.18.46.217" + }, + "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4270", + "dns.resp.len": "4", + "dns.a": "209.18.46.223" + }, + "n6b.akamaiedge.net: type A, class IN, addr 209.18.46.221": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "83", + "dns.resp.len": "4", + "dns.a": "209.18.46.221" + }, + "n7b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "127", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + 
"dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5928", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 04:22:53.188284000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508498573.188284000", + "frame.time_delta": "2.605383000", + "frame.time_delta_displayed": "900.010259000", + "frame.time_relative": "40860.783080000", + "frame.number": "38342", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00001f18", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000099a5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": 
"192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "55484", + "udp.dstport": "53", + "udp.port": "55484", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000801a", + "udp.checksum.status": "2", + "udp.stream": "397" + }, + "dns": { + "dns.response_in": "38343", + "dns.id": "0x000004e1", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 04:22:53.198461000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508498573.198461000", + "frame.time_delta": "0.010177000", + "frame.time_delta_displayed": "0.010177000", + "frame.time_relative": "40860.793257000", + "frame.number": "38343", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00000c8c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000aa7c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "55484", + "udp.port": "53", + "udp.port": "55484", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "397" + }, + "dns": { + "dns.response_to": "38342", + "dns.time": "0.010177000", + "dns.id": "0x000004e1", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", 
+ "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "121", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "16019", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1990", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1990", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1990", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1990", + "dns.resp.len": "6", + 
"dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1990", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1990", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1990", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1990", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1990", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3326", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2019", + "dns.resp.len": "4", + "dns.a": "173.197.192.233" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2529", + 
"dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2725", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3626", + "dns.resp.len": "4", + "dns.a": "209.18.46.217" + }, + "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3370", + "dns.resp.len": "4", + "dns.a": "209.18.46.223" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3208", + "dns.resp.len": "4", + "dns.a": "173.197.192.232" + }, + "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5231", + "dns.resp.len": "4", + "dns.a": "96.17.70.173" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5028", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 04:33:23.646883000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508499203.646883000", + "frame.time_delta": "3.475755000", + "frame.time_delta_displayed": "630.448422000", + "frame.time_relative": "41491.241679000", + "frame.number": 
"38816", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000984f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000206b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49413", + "udp.dstport": "53", + "udp.port": "49413", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000ff55", + "udp.checksum.status": "2", + "udp.stream": "398" + }, + "dns": { + "dns.response_in": "38817", + "dns.id": "0x000004e2", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 04:33:23.648923000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508499203.648923000", + "frame.time_delta": "0.002040000", + "frame.time_delta_displayed": "0.002040000", + "frame.time_relative": "41491.243719000", + "frame.number": "38817", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x000050e3", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000679d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + 
"ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49413", + "udp.port": "53", + "udp.port": "49413", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "398" + }, + "dns": { + "dns.response_to": "38816", + "dns.time": "0.002040000", + "dns.id": "0x000004e2", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 04:33:23.651769000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1508499203.651769000", + "frame.time_delta": "0.002846000", + "frame.time_delta_displayed": "0.002846000", + "frame.time_relative": "41491.246565000", + "frame.number": "38818", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00009850", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000206a", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "36635", + "udp.dstport": "53", + "udp.port": "36635", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00004c3f", + "udp.checksum.status": "2", + "udp.stream": "399" + }, + "dns": { + "dns.response_in": "38819", + "dns.id": "0x000004e3", + "dns.flags": "0x00000100", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 04:33:23.653376000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508499203.653376000", + "frame.time_delta": "0.001607000", + "frame.time_delta_displayed": "0.001607000", + "frame.time_relative": "41491.248172000", + "frame.number": "38819", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x000050e4", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00006708", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "36635", + "udp.port": "53", + "udp.port": "36635", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "399" + }, + "dns": { + "dns.response_to": "38818", + "dns.time": "0.001607000", + "dns.id": "0x000004e3", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2989", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "10", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class 
IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1786", + "dns.resp.len": "6", + "dns.ns": "ns3.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "115407", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "140125", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "140125", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "119026", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "111599", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": 
"111599", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 04:33:24.064209000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508499204.064209000", + "frame.time_delta": "0.000887000", + "frame.time_delta_displayed": "0.410833000", + "frame.time_relative": "41491.659005000", + "frame.number": "38835", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00009876", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002044", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + 
"udp": { + "udp.srcport": "44523", + "udp.dstport": "53", + "udp.port": "44523", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000126e", + "udp.checksum.status": "2", + "udp.stream": "400" + }, + "dns": { + "dns.response_in": "38836", + "dns.id": "0x000004e4", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 04:33:24.064806000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508499204.064806000", + "frame.time_delta": "0.000597000", + "frame.time_delta_displayed": "0.000597000", + "frame.time_relative": "41491.659602000", + "frame.number": "38836", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + 
"ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00005106", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000067b4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44523", + "udp.port": "53", + "udp.port": "44523", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "400" + }, + "dns": { + "dns.response_to": "38835", + "dns.time": "0.000597000", + "dns.id": "0x000004e4", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 04:33:24.065754000 PDT", + "frame.offset_shift": 
"0.000000000", + "frame.time_epoch": "1508499204.065754000", + "frame.time_delta": "0.000948000", + "frame.time_delta_displayed": "0.000948000", + "frame.time_relative": "41491.660550000", + "frame.number": "38837", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00009877", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002043", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "44144", + "udp.dstport": "53", + "udp.port": "44144", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002ee8", + "udp.checksum.status": "2", + "udp.stream": "401" + }, + "dns": { + "dns.response_in": "38838", + "dns.id": "0x000004e5", + "dns.flags": "0x00000100", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 04:33:24.066174000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508499204.066174000", + "frame.time_delta": "0.000420000", + "frame.time_delta_displayed": "0.000420000", + "frame.time_relative": "41491.660970000", + "frame.number": "38838", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00005107", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + 
"ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000067a3", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44144", + "udp.port": "53", + "udp.port": "44144", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "401" + }, + "dns": { + "dns.response_to": "38837", + "dns.time": "0.000420000", + "dns.id": "0x000004e5", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2988", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 04:37:53.206495000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508499473.206495000", + 
"frame.time_delta": "0.549295000", + "frame.time_delta_displayed": "269.140321000", + "frame.time_relative": "41760.801291000", + "frame.number": "39097", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000dbe6", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000dcd6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "45662", + "udp.dstport": "53", + "udp.port": "45662", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000a673", + "udp.checksum.status": "2", + "udp.stream": "405" + }, + "dns": { + "dns.response_in": "39098", + "dns.id": "0x000004e6", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + 
"dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 04:37:53.212525000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508499473.212525000", + "frame.time_delta": "0.006030000", + "frame.time_delta_displayed": "0.006030000", + "frame.time_relative": "41760.807321000", + "frame.number": "39098", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000808b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + 
"ip.checksum": "0x0000367d", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "45662", + "udp.port": "53", + "udp.port": "45662", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "405" + }, + "dns": { + "dns.response_to": "39097", + "dns.time": "0.006030000", + "dns.id": "0x000004e6", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "121", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "15119", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + 
"e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1090", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1090", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1090", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1090", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1090", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1090", + "dns.resp.len": 
"6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1090", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1090", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1090", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2426", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1119", + "dns.resp.len": "4", + "dns.a": "173.197.192.233" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1629", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1825", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2726", + 
"dns.resp.len": "4", + "dns.a": "209.18.46.217" + }, + "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2470", + "dns.resp.len": "4", + "dns.a": "209.18.46.223" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2308", + "dns.resp.len": "4", + "dns.a": "173.197.192.232" + }, + "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4331", + "dns.resp.len": "4", + "dns.a": "96.17.70.173" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4128", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 04:52:53.219299000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508500373.219299000", + "frame.time_delta": "3.495831000", + "frame.time_delta_displayed": "900.006774000", + "frame.time_relative": "42660.814095000", + "frame.number": "39806", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + 
"eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00005dbd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005b00", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "40448", + "udp.dstport": "53", + "udp.port": "40448", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000bad0", + "udp.checksum.status": "2", + "udp.stream": "409" + }, + "dns": { + "dns.response_in": "39807", + "dns.id": "0x000004e7", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 
04:52:53.225624000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508500373.225624000", + "frame.time_delta": "0.006325000", + "frame.time_delta_displayed": "0.006325000", + "frame.time_relative": "42660.820420000", + "frame.number": "39807", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000ac16", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000af2", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "40448", + "udp.port": "53", + "udp.port": "40448", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "409" + }, + "dns": { + "dns.response_to": "39806", + "dns.time": "0.006325000", 
+ "dns.id": "0x000004e7", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "122", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "14219", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": 
"2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "190", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "190", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "190", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "190", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "190", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "190", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "190", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "190", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "190", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1526", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.197.192.233": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "219", + "dns.resp.len": "4", + "dns.a": "173.197.192.233" + }, + "n2b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "729", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "925", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1826", + "dns.resp.len": "4", + "dns.a": "209.18.46.217" + }, + "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1570", + "dns.resp.len": "4", + "dns.a": "209.18.46.223" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1408", + "dns.resp.len": "4", + "dns.a": "173.197.192.232" + }, + "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + 
"dns.resp.class": "0x00000001", + "dns.resp.ttl": "3431", + "dns.resp.len": "4", + "dns.a": "96.17.70.173" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3228", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:07:53.234776000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508501273.234776000", + "frame.time_delta": "0.078020000", + "frame.time_delta_displayed": "900.009152000", + "frame.time_relative": "43560.829572000", + "frame.number": "40624", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00006faa", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004913", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56663", + "udp.dstport": "53", + "udp.port": "56663", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00007b78", + "udp.checksum.status": "2", + "udp.stream": "410" + }, + "dns": { + "dns.response_in": "40625", + "dns.id": "0x000004e8", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:07:53.240805000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508501273.240805000", + "frame.time_delta": "0.006029000", + "frame.time_delta_displayed": "0.006029000", + "frame.time_relative": "43560.835601000", + "frame.number": "40625", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": 
"PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000456f", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007199", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "56663", + "udp.port": "53", + "udp.port": "56663", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "410" + }, + "dns": { + "dns.response_to": "40624", + "dns.time": "0.006029000", + "dns.id": "0x000004e8", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": 
"1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "122", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "13319", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3298", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3298", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3298", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, 
class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3298", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3298", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3298", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3298", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3298", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3298", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "626", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7320", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + 
"n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7830", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.108": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "25", + "dns.resp.len": "4", + "dns.a": "173.223.52.108" + }, + "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "926", + "dns.resp.len": "4", + "dns.a": "209.18.46.217" + }, + "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.223": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "670", + "dns.resp.len": "4", + "dns.a": "209.18.46.223" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.197.192.232": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "508", + "dns.resp.len": "4", + "dns.a": "173.197.192.232" + }, + "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2531", + "dns.resp.len": "4", + "dns.a": "96.17.70.173" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2328", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:22:53.251101000 PDT", + "frame.offset_shift": "0.000000000", + 
"frame.time_epoch": "1508502173.251101000", + "frame.time_delta": "2.791011000", + "frame.time_delta_displayed": "900.010296000", + "frame.time_relative": "44460.845897000", + "frame.number": "41391", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000c79b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000f121", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "47619", + "udp.dstport": "53", + "udp.port": "47619", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00009ecb", + "udp.checksum.status": "2", + "udp.stream": "417" + }, + "dns": { + "dns.response_in": "41392", + "dns.id": "0x000004e9", + "dns.flags": "0x00000100", + "dns.flags_tree": { + 
"dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:22:53.257780000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508502173.257780000", + "frame.time_delta": "0.006679000", + "frame.time_delta_displayed": "0.006679000", + "frame.time_relative": "44460.852576000", + "frame.number": "41392", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00002ab8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": 
"0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008c50", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "47619", + "udp.port": "53", + "udp.port": "47619", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "417" + }, + "dns": { + "dns.response_to": "41391", + "dns.time": "0.006679000", + "dns.id": "0x000004e9", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "122", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "12419", + "dns.resp.len": "22", + "dns.cname": 
"e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2398", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2398", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2398", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2398", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2398", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "2398", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2398", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2398", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2398", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3749", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6420", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6930", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.133": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3133", + "dns.resp.len": "4", + "dns.a": "173.223.52.133" + }, + "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.217": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "26", + "dns.resp.len": "4", + "dns.a": "209.18.46.217" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7774", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3612", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1631", + "dns.resp.len": "4", + "dns.a": "96.17.70.173" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1428", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:33:22.354168000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508502802.354168000", + "frame.time_delta": "7.493030000", + "frame.time_delta_displayed": "629.096388000", + "frame.time_relative": "45089.948964000", + "frame.number": "41927", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, 
+ "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00004173", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007747", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "36484", + "udp.dstport": "53", + "udp.port": "36484", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x000031cf", + "udp.checksum.status": "2", + "udp.stream": "422" + }, + "dns": { + "dns.response_in": "41928", + "dns.id": "0x000004ea", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + 
"frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:33:22.356157000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508502802.356157000", + "frame.time_delta": "0.001989000", + "frame.time_delta_displayed": "0.001989000", + "frame.time_relative": "45089.950953000", + "frame.number": "41928", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x00009f4a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001936", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "36484", + "udp.port": "53", + "udp.port": "36484", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "422" + }, + "dns": { + 
"dns.response_to": "41927", + "dns.time": "0.001989000", + "dns.id": "0x000004ea", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:33:22.357016000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508502802.357016000", + "frame.time_delta": "0.000859000", + "frame.time_delta_displayed": "0.000859000", + "frame.time_relative": "45089.951812000", + "frame.number": "41929", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00004174", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007746", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "37527", + "udp.dstport": "53", + "udp.port": "37527", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x000048bb", + "udp.checksum.status": "2", + "udp.stream": "423" + }, + "dns": { + "dns.response_in": "41930", + "dns.id": "0x000004eb", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + 
"dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:33:22.358502000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508502802.358502000", + "frame.time_delta": "0.001486000", + "frame.time_delta_displayed": "0.001486000", + "frame.time_relative": "45089.953298000", + "frame.number": "41930", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x00009f4b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000018a1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + 
"udp.dstport": "37527", + "udp.port": "53", + "udp.port": "37527", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "423" + }, + "dns": { + "dns.response_to": "41929", + "dns.time": "0.001486000", + "dns.id": "0x000004eb", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "413", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2799", + "dns.resp.len": "10", + "dns.ns": "ns2.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2799", + "dns.resp.len": "6", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2799", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + } + 
}, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "161051", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "131974", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "131974", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "150229", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "21951", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "21951", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:33:22.769938000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508502802.769938000", + "frame.time_delta": "0.000959000", + "frame.time_delta_displayed": 
"0.411436000", + "frame.time_relative": "45090.364734000", + "frame.number": "41946", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000418a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00007730", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "35698", + "udp.dstport": "53", + "udp.port": "35698", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x000034df", + "udp.checksum.status": "2", + "udp.stream": "424" + }, + "dns": { + "dns.response_in": "41947", + "dns.id": "0x000004ec", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": 
"0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:33:22.770497000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508502802.770497000", + "frame.time_delta": "0.000559000", + "frame.time_delta_displayed": "0.000559000", + "frame.time_relative": "45090.365293000", + "frame.number": "41947", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00009f51", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001969", + "ip.checksum.status": "2", + "ip.src": 
"192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "35698", + "udp.port": "53", + "udp.port": "35698", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "424" + }, + "dns": { + "dns.response_to": "41946", + "dns.time": "0.000559000", + "dns.id": "0x000004ec", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:33:22.771306000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508502802.771306000", + "frame.time_delta": "0.000809000", + "frame.time_delta_displayed": "0.000809000", + "frame.time_relative": "45090.366102000", + "frame.number": "41948", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + 
"eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000418b", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000772f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "59480", + "udp.dstport": "53", + "udp.port": "59480", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000f2f7", + "udp.checksum.status": "2", + "udp.stream": "425" + }, + "dns": { + "dns.response_in": "41949", + "dns.id": "0x000004ed", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + 
"dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:33:22.771826000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508502802.771826000", + "frame.time_delta": "0.000520000", + "frame.time_delta_displayed": "0.000520000", + "frame.time_relative": "45090.366622000", + "frame.number": "41949", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00009f52", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00001958", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": 
"53", + "udp.dstport": "59480", + "udp.port": "53", + "udp.port": "59480", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "425" + }, + "dns": { + "dns.response_to": "41948", + "dns.time": "0.000520000", + "dns.id": "0x000004ed", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "413", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:37:53.266045000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508503073.266045000", + "frame.time_delta": "2.473971000", + "frame.time_delta_displayed": "270.494219000", + "frame.time_relative": "45360.860841000", + "frame.number": "42165", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": 
"Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00006f25", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00004998", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "45073", + "udp.dstport": "53", + "udp.port": "45073", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000a8b8", + "udp.checksum.status": "2", + "udp.stream": "426" + }, + "dns": { + "dns.response_in": "42166", + "dns.id": "0x000004ee", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + 
"_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:37:53.344536000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508503073.344536000", + "frame.time_delta": "0.078491000", + "frame.time_delta_displayed": "0.078491000", + "frame.time_relative": "45360.939332000", + "frame.number": "42166", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000a957", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000db1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "45073", + "udp.port": "53", + "udp.port": "45073", + 
"udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "426" + }, + "dns": { + "dns.response_to": "42165", + "dns.time": "0.078491000", + "dns.id": "0x000004ee", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "300", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "13344", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": 
"184.84.242.27" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1573", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1573", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1573", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1573", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1573", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1573", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1573", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1573", + 
"dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1573", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1109", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1648", + "dns.resp.len": "4", + "dns.a": "96.17.70.173" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4418", + "dns.resp.len": "4", + "dns.a": "173.223.52.131" + }, + "n3b.akamaiedge.net: type A, class IN, addr 209.18.46.223": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "492", + "dns.resp.len": "4", + "dns.a": "209.18.46.223" + }, + "n4b.akamaiedge.net: type A, class IN, addr 209.18.46.225": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2893", + "dns.resp.len": "4", + "dns.a": "209.18.46.225" + }, + "n5b.akamaiedge.net: type A, class IN, addr 209.18.46.218": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1445", + "dns.resp.len": "4", + "dns.a": "209.18.46.218" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.133": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1033", + 
"dns.resp.len": "4", + "dns.a": "173.223.52.133" + }, + "n7b.akamaiedge.net: type A, class IN, addr 96.17.70.173": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1131", + "dns.resp.len": "4", + "dns.a": "96.17.70.173" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4587", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:52:53.349738000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508503973.349738000", + "frame.time_delta": "0.133221000", + "frame.time_delta_displayed": "900.005202000", + "frame.time_relative": "46260.944534000", + "frame.number": "42899", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00003ed9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + 
"ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000079e4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "37008", + "udp.dstport": "53", + "udp.port": "37008", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000c838", + "udp.checksum.status": "2", + "udp.stream": "430" + }, + "dns": { + "dns.response_in": "42900", + "dns.id": "0x000004ef", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 05:52:53.356337000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508503973.356337000", + "frame.time_delta": "0.006599000", + "frame.time_delta_displayed": "0.006599000", + "frame.time_relative": "46260.951133000", + "frame.number": "42900", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + 
"eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000f284", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c483", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "37008", + "udp.port": "53", + "udp.port": "37008", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "430" + }, + "dns": { + "dns.response_to": "42899", + "dns.time": "0.006599000", + "dns.id": "0x000004ef", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + 
"Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "123", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "10619", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "598", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "598", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + 
"dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "598", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "598", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "598", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "598", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "598", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "598", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "598", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1949", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": 
"n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4620", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5130", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.133": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1333", + "dns.resp.len": "4", + "dns.a": "173.223.52.133" + }, + "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4233", + "dns.resp.len": "4", + "dns.a": "204.2.166.157" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5974", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1812", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5834", + "dns.resp.len": "4", + "dns.a": "165.254.157.167" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5629", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, 
+ "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:07:53.361739000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508504873.361739000", + "frame.time_delta": "3.522645000", + "frame.time_delta_displayed": "900.005402000", + "frame.time_relative": "47160.956535000", + "frame.number": "43627", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00002003", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000098ba", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "32771", + "udp.dstport": "53", + "udp.port": "32771", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d8c4", + "udp.checksum.status": "2", 
+ "udp.stream": "434" + }, + "dns": { + "dns.response_in": "43628", + "dns.id": "0x000004f0", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:07:53.369270000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508504873.369270000", + "frame.time_delta": "0.007531000", + "frame.time_delta_displayed": "0.007531000", + "frame.time_relative": "47160.964066000", + "frame.number": "43628", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": 
"0x0000dd37", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000d9d0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "32771", + "udp.port": "53", + "udp.port": "32771", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "434" + }, + "dns": { + "dns.response_to": "43627", + "dns.time": "0.007531000", + "dns.id": "0x000004f0", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "126", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": 
"brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "9719", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3700", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3700", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3700", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3700", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3700", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + 
"b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3700", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3700", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3700", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3700", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1049", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3720", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4230", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.133": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "433", + "dns.resp.len": "4", + "dns.a": 
"173.223.52.133" + }, + "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3333", + "dns.resp.len": "4", + "dns.a": "204.2.166.157" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5074", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "912", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4934", + "dns.resp.len": "4", + "dns.a": "165.254.157.167" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4729", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:22:53.379501000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508505773.379501000", + "frame.time_delta": "5.573394000", + "frame.time_delta_displayed": "900.010231000", + "frame.time_relative": "48060.974297000", + "frame.number": "44377", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", 
+ "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000ea56", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000ce66", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "47638", + "udp.dstport": "53", + "udp.port": "47638", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00009eb0", + "udp.checksum.status": "2", + "udp.stream": "438" + }, + "dns": { + "dns.response_in": "44378", + "dns.id": "0x000004f1", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": 
"0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:22:53.386242000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508505773.386242000", + "frame.time_delta": "0.006741000", + "frame.time_delta_displayed": "0.006741000", + "frame.time_relative": "48060.981038000", + "frame.number": "44378", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x000016a1", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a067", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "47638", + 
"udp.port": "53", + "udp.port": "47638", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "438" + }, + "dns": { + "dns.response_to": "44377", + "dns.time": "0.006741000", + "dns.id": "0x000004f1", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "126", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "8819", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.27": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "184.84.242.27" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 184.84.242.42": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": 
"20", + "dns.resp.len": "4", + "dns.a": "184.84.242.42" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2800", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2800", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2800", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2800", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2800", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2800", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2800", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "2800", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2800", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "149", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2820", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3330", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3537", + "dns.resp.len": "4", + "dns.a": "96.17.70.192" + }, + "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2433", + "dns.resp.len": "4", + "dns.a": "204.2.166.157" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4174", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n6b.akamaiedge.net: type A, class IN, addr 204.2.166.150": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "12", + "dns.resp.len": "4", + "dns.a": "204.2.166.150" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4034", + "dns.resp.len": "4", + "dns.a": "165.254.157.167" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3829", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:33:22.946788000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508506402.946788000", + "frame.time_delta": "0.766058000", + "frame.time_delta_displayed": "629.560546000", + "frame.time_relative": "48690.541584000", + "frame.number": "44868", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000bdc8", + "ip.flags": "0x00000002", + 
"ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000faf1", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "34522", + "udp.dstport": "53", + "udp.port": "34522", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003971", + "udp.checksum.status": "2", + "udp.stream": "444" + }, + "dns": { + "dns.response_in": "44869", + "dns.id": "0x000004f2", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:33:22.948908000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508506402.948908000", + "frame.time_delta": "0.002120000", + "frame.time_delta_displayed": "0.002120000", + "frame.time_relative": "48690.543704000", + "frame.number": "44869", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + 
"frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x00005bc7", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005cb9", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "34522", + "udp.port": "53", + "udp.port": "34522", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "444" + }, + "dns": { + "dns.response_to": "44868", + "dns.time": "0.002120000", + "dns.id": "0x000004f2", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "413", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:33:22.950083000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508506402.950083000", + "frame.time_delta": "0.001175000", + "frame.time_delta_displayed": "0.001175000", + "frame.time_relative": "48690.544879000", + "frame.number": "44870", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000bdc9", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000faf0", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "33646", + "udp.dstport": "53", + "udp.port": "33646", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x000057dc", + "udp.checksum.status": "2", + "udp.stream": "445" + }, + "dns": { + "dns.response_in": "44871", + "dns.id": "0x000004f3", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:33:22.951622000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508506402.951622000", + "frame.time_delta": "0.001539000", + "frame.time_delta_displayed": "0.001539000", + "frame.time_relative": 
"48690.546418000", + "frame.number": "44871", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x00005bc8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005c24", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "33646", + "udp.port": "53", + "udp.port": "33646", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "445" + }, + "dns": { + "dns.response_to": "44870", + "dns.time": "0.001539000", + "dns.id": "0x000004f3", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + 
"dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "413", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2799", + "dns.resp.len": "10", + "dns.ns": "ns1.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2799", + "dns.resp.len": "6", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2799", + "dns.resp.len": "6", + "dns.ns": "ns2.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "157451", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + 
"dns.resp.ttl": "128374", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "128374", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "146629", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "18351", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "18351", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:33:23.416488000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508506403.416488000", + "frame.time_delta": "0.000964000", + "frame.time_delta_displayed": "0.464866000", + "frame.time_relative": "48691.011284000", + "frame.number": "44887", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": 
"b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000bddb", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000fade", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "59813", + "udp.dstport": "53", + "udp.port": "59813", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000d6a3", + "udp.checksum.status": "2", + "udp.stream": "446" + }, + "dns": { + "dns.response_in": "44888", + "dns.id": "0x000004f4", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": 
"packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:33:23.416961000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508506403.416961000", + "frame.time_delta": "0.000473000", + "frame.time_delta_displayed": "0.000473000", + "frame.time_relative": "48691.011757000", + "frame.number": "44888", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x00005bce", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005cec", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "59813", + "udp.port": "53", + "udp.port": "59813", + "udp.length": "45", 
+ "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "446" + }, + "dns": { + "dns.response_to": "44887", + "dns.time": "0.000473000", + "dns.id": "0x000004f4", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:33:23.417890000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508506403.417890000", + "frame.time_delta": "0.000929000", + "frame.time_delta_displayed": "0.000929000", + "frame.time_relative": "48691.012686000", + "frame.number": "44889", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + 
"eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000bddc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000fadd", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "44681", + "udp.dstport": "53", + "udp.port": "44681", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00002cbf", + "udp.checksum.status": "2", + "udp.stream": "447" + }, + "dns": { + "dns.response_in": "44890", + "dns.id": "0x000004f5", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:33:23.418452000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508506403.418452000", + "frame.time_delta": "0.000562000", + 
"frame.time_delta_displayed": "0.000562000", + "frame.time_relative": "48691.013248000", + "frame.number": "44890", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x00005bcf", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00005cdb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "44681", + "udp.port": "53", + "udp.port": "44681", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "447" + }, + "dns": { + "dns.response_to": "44889", + "dns.time": "0.000562000", + "dns.id": "0x000004f5", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + 
"dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "412", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:37:53.397275000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508506673.397275000", + "frame.time_delta": "0.977714000", + "frame.time_delta_displayed": "269.978823000", + "frame.time_relative": "48960.992071000", + "frame.number": "45164", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + 
"ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x0000f463", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000c459", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53189", + "udp.dstport": "53", + "udp.port": "53189", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x000088fc", + "udp.checksum.status": "2", + "udp.stream": "449" + }, + "dns": { + "dns.response_in": "45165", + "dns.id": "0x000004f6", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:37:53.407078000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508506673.407078000", + "frame.time_delta": "0.009803000", + "frame.time_delta_displayed": "0.009803000", + "frame.time_relative": 
"48961.001874000", + "frame.number": "45165", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000adc8", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00000940", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "53189", + "udp.port": "53", + "udp.port": "53189", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "449" + }, + "dns": { + "dns.response_to": "45164", + "dns.time": "0.009803000", + "dns.id": "0x000004f6", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + 
"dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "127", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7919", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1900", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + 
"dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1900", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1900", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1900", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1900", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1900", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1900", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1900", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1900", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class 
IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3256", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1920", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2430", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2637", + "dns.resp.len": "4", + "dns.a": "96.17.70.192" + }, + "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1533", + "dns.resp.len": "4", + "dns.a": "204.2.166.157" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3274", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3115", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3134", + "dns.resp.len": "4", + "dns.a": "165.254.157.167" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + 
"dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2929", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:52:53.416716000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508507573.416716000", + "frame.time_delta": "1.378707000", + "frame.time_delta_displayed": "900.009638000", + "frame.time_relative": "49861.011512000", + "frame.number": "45902", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x000028c2", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00008ffb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": 
"192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53544", + "udp.dstport": "53", + "udp.port": "53544", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00008798", + "udp.checksum.status": "2", + "udp.stream": "454" + }, + "dns": { + "dns.response_in": "45903", + "dns.id": "0x000004f7", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 06:52:53.422982000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508507573.422982000", + "frame.time_delta": "0.006266000", + "frame.time_delta_displayed": "0.006266000", + "frame.time_relative": "49861.017778000", + "frame.number": "45903", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + 
"eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000f786", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bf81", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "53544", + "udp.port": "53", + "udp.port": "53544", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "454" + }, + "dns": { + "dns.response_to": "45902", + "dns.time": "0.006266000", + "dns.id": "0x000004f7", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", 
+ "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "127", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7019", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1000", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1000", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1000", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1000", + "dns.resp.len": "6", + 
"dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1000", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1000", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1000", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1000", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1000", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2356", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1020", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1530", + 
"dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1737", + "dns.resp.len": "4", + "dns.a": "96.17.70.192" + }, + "n4b.akamaiedge.net: type A, class IN, addr 204.2.166.157": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "633", + "dns.resp.len": "4", + "dns.a": "204.2.166.157" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2374", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2215", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2234", + "dns.resp.len": "4", + "dns.a": "165.254.157.167" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2029", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 07:07:53.431212000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508508473.431212000", + "frame.time_delta": "2.092085000", + "frame.time_delta_displayed": "900.008230000", + "frame.time_relative": "50761.026008000", + "frame.number": 
"46613", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00000dff", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000aabe", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "34206", + "udp.dstport": "53", + "udp.port": "34206", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000d321", + "udp.checksum.status": "2", + "udp.stream": "458" + }, + "dns": { + "dns.response_in": "46614", + "dns.id": "0x000004f8", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + 
"dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 07:07:53.437633000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508508473.437633000", + "frame.time_delta": "0.006421000", + "frame.time_delta_displayed": "0.006421000", + "frame.time_relative": "50761.032429000", + "frame.number": "46614", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00004f64", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x000067a4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": 
"192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "34206", + "udp.port": "53", + "udp.port": "34206", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "458" + }, + "dns": { + "dns.response_to": "46613", + "dns.time": "0.006421000", + "dns.id": "0x000004f8", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "127", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6119", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": 
"0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "100", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "100", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "100", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "100", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "100", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "100", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + 
"dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "100", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "100", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "100", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1456", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "120", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n2b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "630", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n3b.akamaiedge.net: type A, class IN, addr 96.17.70.192": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "837", + "dns.resp.len": "4", + "dns.a": "96.17.70.192" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.207": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5740", + "dns.resp.len": "4", + "dns.a": "198.172.88.207" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n5b.akamaiedge.net", + 
"dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1474", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1315", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1334", + "dns.resp.len": "4", + "dns.a": "165.254.157.167" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "1129", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 07:22:53.445298000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508509373.445298000", + "frame.time_delta": "4.162550000", + "frame.time_delta_displayed": "900.007665000", + "frame.time_relative": "51661.040094000", + "frame.number": "47529", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + 
"eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00001618", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000a2a5", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "37517", + "udp.dstport": "53", + "udp.port": "37517", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x0000c631", + "udp.checksum.status": "2", + "udp.stream": "459" + }, + "dns": { + "dns.response_in": "47530", + "dns.id": "0x000004f9", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 07:22:53.451560000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508509373.451560000", + "frame.time_delta": "0.006262000", + 
"frame.time_delta_displayed": "0.006262000", + "frame.time_relative": "51661.046356000", + "frame.number": "47530", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x0000879c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00002f6c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "37517", + "udp.port": "53", + "udp.port": "37517", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "459" + }, + "dns": { + "dns.response_to": "47529", + "dns.time": "0.006262000", + "dns.id": "0x000004f9", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + 
"dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "127", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5219", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3203", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + 
"b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3203", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3203", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3203", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3203", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3203", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3203", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3203", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3203", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + } + 
}, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "556", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7221", + "dns.resp.len": "4", + "dns.a": "96.17.70.191" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.146.244": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7733", + "dns.resp.len": "4", + "dns.a": "165.254.146.244" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3938", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.207": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4840", + "dns.resp.len": "4", + "dns.a": "198.172.88.207" + }, + "n5b.akamaiedge.net: type A, class IN, addr 204.2.166.158": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "574", + "dns.resp.len": "4", + "dns.a": "204.2.166.158" + }, + "n6b.akamaiedge.net: type A, class IN, addr 96.17.70.188": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "415", + "dns.resp.len": "4", + "dns.a": "96.17.70.188" + }, + "n7b.akamaiedge.net: type A, class IN, addr 165.254.157.167": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "434", + "dns.resp.len": "4", + "dns.a": "165.254.157.167" + }, + 
"a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "229", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 07:33:23.445057000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508510003.445057000", + "frame.time_delta": "7.984590000", + "frame.time_delta_displayed": "629.993497000", + "frame.time_relative": "52291.039853000", + "frame.number": "48058", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000fb5d", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bd5c", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": 
"192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "54194", + "udp.dstport": "53", + "udp.port": "54194", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000ec90", + "udp.checksum.status": "2", + "udp.stream": "463" + }, + "dns": { + "dns.response_in": "48059", + "dns.id": "0x000004fa", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 07:33:23.447069000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508510003.447069000", + "frame.time_delta": "0.002012000", + "frame.time_delta_displayed": "0.002012000", + "frame.time_relative": "52291.041865000", + "frame.number": "48059", + "frame.len": "137", + "frame.cap_len": "137", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + 
"eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "123", + "ip.id": "0x000001dc", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b6a4", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "54194", + "udp.port": "53", + "udp.port": "54194", + "udp.length": "103", + "udp.checksum": "0x0000826a", + "udp.checksum.status": "2", + "udp.stream": "463" + }, + "dns": { + "dns.response_to": "48058", + "dns.time": "0.002012000", + "dns.id": "0x000004fa", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "1", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type 
SOA, class IN, mname ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "6", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "412", + "dns.resp.len": "46", + "dns.soa.mname": "ns1.ext.philips.com", + "dns.soa.rname": "ddi-authority.philips.com", + "dns.soa.serial_number": "387", + "dns.soa.refresh_interval": "1200", + "dns.soa.retry_interval": "300", + "dns.soa.expire_limit": "1209600", + "dns.soa.mininum_ttl": "3600" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 07:33:23.447897000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508510003.447897000", + "frame.time_delta": "0.000828000", + "frame.time_delta_displayed": "0.000828000", + "frame.time_relative": "52291.042693000", + "frame.number": "48060", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000fb5e", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": 
"17", + "ip.checksum": "0x0000bd5b", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "35295", + "udp.dstport": "53", + "udp.port": "35295", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00005163", + "udp.checksum.status": "2", + "udp.stream": "464" + }, + "dns": { + "dns.response_in": "48061", + "dns.id": "0x000004fb", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 07:33:23.449477000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508510003.449477000", + "frame.time_delta": "0.001580000", + "frame.time_delta_displayed": "0.001580000", + "frame.time_relative": "52291.044273000", + "frame.number": "48061", + "frame.len": "285", + "frame.cap_len": "285", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": 
"PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "271", + "ip.id": "0x000001dd", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b60f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "35295", + "udp.port": "53", + "udp.port": "35295", + "udp.length": "251", + "udp.checksum": "0x000082fe", + "udp.checksum.status": "2", + "udp.stream": "464" + }, + "dns": { + "dns.response_to": "48060", + "dns.time": "0.001580000", + "dns.id": "0x000004fb", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "3", + "dns.count.add_rr": "6", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": 
"dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "412", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + }, + "Authoritative nameservers": { + "cpp.philips.com: type NS, class IN, ns ns2.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2798", + "dns.resp.len": "10", + "dns.ns": "ns2.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns3.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2798", + "dns.resp.len": "6", + "dns.ns": "ns3.ext.philips.com" + }, + "cpp.philips.com: type NS, class IN, ns ns1.ext.philips.com": { + "dns.resp.name": "cpp.philips.com", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2798", + "dns.resp.len": "6", + "dns.ns": "ns1.ext.philips.com" + } + }, + "Additional records": { + "ns1.ext.philips.com: type A, class IN, addr 57.67.40.20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "153850", + "dns.resp.len": "4", + "dns.a": "57.67.40.20" + }, + "ns2.ext.philips.com: type A, class IN, addr 57.77.21.76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "124773", + "dns.resp.len": "4", + "dns.a": "57.77.21.76" + }, + "ns3.ext.philips.com: type A, class IN, addr 57.73.36.68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "124773", + "dns.resp.len": "4", + "dns.a": "57.73.36.68" + }, + "ns1.ext.philips.com: type AAAA, class IN, addr 
2a01:ce89:8001::57:67:40:20": { + "dns.resp.name": "ns1.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "143028", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce89:8001::57:67:40:20" + }, + "ns2.ext.philips.com: type AAAA, class IN, addr 2a01:ce95:4001:100:57:77:21:76": { + "dns.resp.name": "ns2.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "14750", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce95:4001:100:57:77:21:76" + }, + "ns3.ext.philips.com: type AAAA, class IN, addr 2a01:ce9d:1::57:73:36:68": { + "dns.resp.name": "ns3.ext.philips.com", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "14750", + "dns.resp.len": "16", + "dns.aaaa": "2a01:ce9d:1::57:73:36:68" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 07:33:23.865101000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508510003.865101000", + "frame.time_delta": "0.001627000", + "frame.time_delta_displayed": "0.415624000", + "frame.time_relative": "52291.459897000", + "frame.number": "48078", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + 
"ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000fb69", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bd50", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "56468", + "udp.dstport": "53", + "udp.port": "56468", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x0000e3ac", + "udp.checksum.status": "2", + "udp.stream": "465" + }, + "dns": { + "dns.response_in": "48079", + "dns.id": "0x000004fc", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 07:33:23.865672000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508510003.865672000", + "frame.time_delta": "0.000571000", + "frame.time_delta_displayed": "0.000571000", + "frame.time_relative": 
"52291.460468000", + "frame.number": "48079", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x000001de", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b6dc", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "56468", + "udp.port": "53", + "udp.port": "56468", + "udp.length": "45", + "udp.checksum": "0x00008230", + "udp.checksum.status": "2", + "udp.stream": "465" + }, + "dns": { + "dns.response_to": "48078", + "dns.time": "0.000571000", + "dns.id": "0x000004fc", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": 
"1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type AAAA, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "28", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 07:33:23.866499000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508510003.866499000", + "frame.time_delta": "0.000827000", + "frame.time_delta_displayed": "0.000827000", + "frame.time_relative": "52291.461295000", + "frame.number": "48080", + "frame.len": "79", + "frame.cap_len": "79", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "65", + "ip.id": "0x0000fb6a", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + 
"ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000bd4f", + "ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "42815", + "udp.dstport": "53", + "udp.port": "42815", + "udp.port": "53", + "udp.length": "45", + "udp.checksum": "0x00003401", + "udp.checksum.status": "2", + "udp.stream": "466" + }, + "dns": { + "dns.response_in": "48081", + "dns.id": "0x000004fd", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + "dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 07:33:23.867228000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508510003.867228000", + "frame.time_delta": "0.000729000", + "frame.time_delta_displayed": "0.000729000", + "frame.time_relative": "52291.462024000", + "frame.number": "48081", + "frame.len": "95", + "frame.cap_len": "95", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + 
"eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "81", + "ip.id": "0x000001df", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000b6cb", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "42815", + "udp.port": "53", + "udp.port": "42815", + "udp.length": "61", + "udp.checksum": "0x00008240", + "udp.checksum.status": "2", + "udp.stream": "466" + }, + "dns": { + "dns.response_to": "48080", + "dns.time": "0.000729000", + "dns.id": "0x000004fd", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "1", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "dcp.cpp.philips.com: type A, class IN": { + 
"dns.qry.name": "dcp.cpp.philips.com", + "dns.qry.name.len": "19", + "dns.count.labels": "4", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "dcp.cpp.philips.com: type A, class IN, addr 5.79.62.93": { + "dns.resp.name": "dcp.cpp.philips.com", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "412", + "dns.resp.len": "4", + "dns.a": "5.79.62.93" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 07:37:53.461226000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508510273.461226000", + "frame.time_delta": "5.280384000", + "frame.time_delta_displayed": "269.593998000", + "frame.time_relative": "52561.056022000", + "frame.number": "48304", + "frame.len": "76", + "frame.cap_len": "76", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.dst_tree": { + "eth.dst_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "00:17:88:69:ee:e4", + "eth.src_tree": { + "eth.src_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", + "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "62", + "ip.id": "0x00000e4c", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x0000aa71", + 
"ip.checksum.status": "2", + "ip.src": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.src_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "ip.dst": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.dst_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "49801", + "udp.dstport": "53", + "udp.port": "49801", + "udp.port": "53", + "udp.length": "42", + "udp.checksum": "0x00009630", + "udp.checksum.status": "2", + "udp.stream": "467" + }, + "dns": { + "dns.response_in": "48305", + "dns.id": "0x000004fe", + "dns.flags": "0x00000100", + "dns.flags_tree": { + "dns.flags.response": "0", + "dns.flags.opcode": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.z": "0", + "dns.flags.checkdisable": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "0", + "dns.count.auth_rr": "0", + "dns.count.add_rr": "0", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": "3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + } + } + } + } + } + , + { + "_index": "packets-2017-10-26", + "_type": "pcap_file", + "_score": null, + "_source": { + "layers": { + "frame": { + "frame.encap_type": "1", + "frame.time": "Oct 20, 2017 07:37:53.467660000 PDT", + "frame.offset_shift": "0.000000000", + "frame.time_epoch": "1508510273.467660000", + "frame.time_delta": "0.006434000", + "frame.time_delta_displayed": "0.006434000", + "frame.time_relative": "52561.062456000", + "frame.number": "48305", + "frame.len": "513", + "frame.cap_len": "513", + "frame.marked": "0", + "frame.ignored": "0", + "frame.protocols": "eth:ethertype:ip:udp:dns", + "frame.coloring_rule.name": "UDP", + "frame.coloring_rule.string": "udp" + }, + "eth": { + "eth.dst": "00:17:88:69:ee:e4", + "eth.dst_tree": { + "eth.dst_resolved": "PhilipsL_69:ee:e4", + "eth.addr": "00:17:88:69:ee:e4", 
+ "eth.addr_resolved": "PhilipsL_69:ee:e4", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.src": "b0:b9:8a:73:69:8e", + "eth.src_tree": { + "eth.src_resolved": "Netgear_73:69:8e", + "eth.addr": "b0:b9:8a:73:69:8e", + "eth.addr_resolved": "Netgear_73:69:8e", + "eth.lg": "0", + "eth.ig": "0" + }, + "eth.type": "0x00000800" + }, + "ip": { + "ip.version": "4", + "ip.hdr_len": "20", + "ip.dsfield": "0x00000000", + "ip.dsfield_tree": { + "ip.dsfield.dscp": "0", + "ip.dsfield.ecn": "0" + }, + "ip.len": "499", + "ip.id": "0x00001912", + "ip.flags": "0x00000002", + "ip.flags_tree": { + "ip.flags.rb": "0", + "ip.flags.df": "1", + "ip.flags.mf": "0" + }, + "ip.frag_offset": "0", + "ip.ttl": "64", + "ip.proto": "17", + "ip.checksum": "0x00009df6", + "ip.checksum.status": "2", + "ip.src": "192.168.0.1", + "ip.addr": "192.168.0.1", + "ip.src_host": "192.168.0.1", + "ip.host": "192.168.0.1", + "ip.dst": "192.168.0.160", + "ip.addr": "192.168.0.160", + "ip.dst_host": "192.168.0.160", + "ip.host": "192.168.0.160", + "Source GeoIP: Unknown": "", + "Destination GeoIP: Unknown": "" + }, + "udp": { + "udp.srcport": "53", + "udp.dstport": "49801", + "udp.port": "53", + "udp.port": "49801", + "udp.length": "479", + "udp.checksum": "0x000083e2", + "udp.checksum.status": "2", + "udp.stream": "467" + }, + "dns": { + "dns.response_to": "48304", + "dns.time": "0.006434000", + "dns.id": "0x000004fe", + "dns.flags": "0x00008180", + "dns.flags_tree": { + "dns.flags.response": "1", + "dns.flags.opcode": "0", + "dns.flags.authoritative": "0", + "dns.flags.truncated": "0", + "dns.flags.recdesired": "1", + "dns.flags.recavail": "1", + "dns.flags.z": "0", + "dns.flags.authenticated": "0", + "dns.flags.checkdisable": "0", + "dns.flags.rcode": "0" + }, + "dns.count.queries": "1", + "dns.count.answers": "4", + "dns.count.auth_rr": "9", + "dns.count.add_rr": "9", + "Queries": { + "www2.meethue.com: type A, class IN": { + "dns.qry.name": "www2.meethue.com", + "dns.qry.name.len": "16", + "dns.count.labels": 
"3", + "dns.qry.type": "1", + "dns.qry.class": "0x00000001" + } + }, + "Answers": { + "www2.meethue.com: type CNAME, class IN, cname brands.lighting.philips.com.edgekey.net": { + "dns.resp.name": "www2.meethue.com", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "128", + "dns.resp.len": "41", + "dns.cname": "brands.lighting.philips.com.edgekey.net" + }, + "brands.lighting.philips.com.edgekey.net: type CNAME, class IN, cname e15361.b.akamaiedge.net": { + "dns.resp.name": "brands.lighting.philips.com.edgekey.net", + "dns.resp.type": "5", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "4319", + "dns.resp.len": "22", + "dns.cname": "e15361.b.akamaiedge.net" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.125": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.125" + }, + "e15361.b.akamaiedge.net: type A, class IN, addr 173.223.52.112": { + "dns.resp.name": "e15361.b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "20", + "dns.resp.len": "4", + "dns.a": "173.223.52.112" + } + }, + "Authoritative nameservers": { + "b.akamaiedge.net: type NS, class IN, ns n6b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2303", + "dns.resp.len": "6", + "dns.ns": "n6b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n2b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2303", + "dns.resp.len": "6", + "dns.ns": "n2b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns a0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2303", + "dns.resp.len": "6", + "dns.ns": "a0b.akamaiedge.net" + }, + 
"b.akamaiedge.net: type NS, class IN, ns n4b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2303", + "dns.resp.len": "6", + "dns.ns": "n4b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n5b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2303", + "dns.resp.len": "6", + "dns.ns": "n5b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n1b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2303", + "dns.resp.len": "6", + "dns.ns": "n1b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n7b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2303", + "dns.resp.len": "6", + "dns.ns": "n7b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n3b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2303", + "dns.resp.len": "6", + "dns.ns": "n3b.akamaiedge.net" + }, + "b.akamaiedge.net: type NS, class IN, ns n0b.akamaiedge.net": { + "dns.resp.name": "b.akamaiedge.net", + "dns.resp.type": "2", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "2303", + "dns.resp.len": "6", + "dns.ns": "n0b.akamaiedge.net" + } + }, + "Additional records": { + "n0b.akamaiedge.net: type A, class IN, addr 88.221.81.192": { + "dns.resp.name": "n0b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3658", + "dns.resp.len": "4", + "dns.a": "88.221.81.192" + }, + "n1b.akamaiedge.net: type A, class IN, addr 96.17.70.191": { + "dns.resp.name": "n1b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6321", + "dns.resp.len": "4", + "dns.a": 
"96.17.70.191" + }, + "n2b.akamaiedge.net: type A, class IN, addr 165.254.146.244": { + "dns.resp.name": "n2b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "6833", + "dns.resp.len": "4", + "dns.a": "165.254.146.244" + }, + "n3b.akamaiedge.net: type A, class IN, addr 173.223.52.109": { + "dns.resp.name": "n3b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3038", + "dns.resp.len": "4", + "dns.a": "173.223.52.109" + }, + "n4b.akamaiedge.net: type A, class IN, addr 198.172.88.207": { + "dns.resp.name": "n4b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3940", + "dns.resp.len": "4", + "dns.a": "198.172.88.207" + }, + "n5b.akamaiedge.net: type A, class IN, addr 173.223.52.131": { + "dns.resp.name": "n5b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "7681", + "dns.resp.len": "4", + "dns.a": "173.223.52.131" + }, + "n6b.akamaiedge.net: type A, class IN, addr 173.223.52.133": { + "dns.resp.name": "n6b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "3520", + "dns.resp.len": "4", + "dns.a": "173.223.52.133" + }, + "n7b.akamaiedge.net: type A, class IN, addr 204.1.137.41": { + "dns.resp.name": "n7b.akamaiedge.net", + "dns.resp.type": "1", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5538", + "dns.resp.len": "4", + "dns.a": "204.1.137.41" + }, + "a0b.akamaiedge.net: type AAAA, class IN, addr 2600:1480:e800::c0": { + "dns.resp.name": "a0b.akamaiedge.net", + "dns.resp.type": "28", + "dns.resp.class": "0x00000001", + "dns.resp.ttl": "5335", + "dns.resp.len": "16", + "dns.aaaa": "2600:1480:e800::c0" + } + } + } + } + } + } +] diff --git a/json/http.json b/json/http.json new file mode 100644 index 0000000..5919871 --- /dev/null +++ b/json/http.json 
@@ -0,0 +1,1427 @@ +{ + "0018c361-c05b-462b-80fd-924d0d90110f": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"74\", Nonce=\"5uz+9xSbrsC2F9UIj3EnlQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"U77HA2bdom8FQeQHHjOBKw==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45243, + "ts": "1508502803.048797000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "06c3f251-5dd2-429f-840c-7cee46775c08": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"51\", Nonce=\"IDqv9WAPICxSF9UIgYzuNQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"HO0GNANgmPqD3EsKDz11CQ==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45175, + "ts": "1508463201.902797000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "109a8616-e01e-47b1-a381-dc10de5c50a1": { + "dst_ip": "5.79.62.93", + "dst_port": 
80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"67\", Nonce=\"OeXj2KpCdTmVF9UIH/fp1g==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"v7WnBnxyc0rL6zBViUZt3Q==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45224, + "ts": "1508492002.667066000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "1146dff1-5bec-4a75-a7be-8e0607e2d79b": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"59\", Nonce=\"IIRRXKWHaLNzF9UIafRhqA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"Mb84RTuO7v9NBZI4u2KVow==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45199, + "ts": "1508477602.251054000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "17203fc4-cc9c-4ddc-b75d-828dadcd5707": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": 
"*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56971, + "ts": "1508500993.884194000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "1d146b55-7395-435d-8e03-d8747f6fc3ca": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56611, + "ts": "1508469852.249587000", + "uri": "/description.xml" + }, + "1ea946a4-e4a6-4fa5-927e-4603e47d6251": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56609, + "ts": "1508469851.936530000", + "uri": "/description.xml" + }, + "1f73b3b1-a13d-499c-8df9-32873a7c340e": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56968, + "ts": "1508500992.947109000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "21088abf-df7d-45e8-a028-edd22a383f65": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"63\", Nonce=\"0n/qkGVhjHaEF9UIbD9C0w==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", 
Authentication=\"a7dKjQVsYpg5YH/p9UfqmQ==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45212, + "ts": "1508484803.583720000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "215520aa-f1ea-4129-83c5-155fa84aa219": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56701, + "ts": "1508477534.895063000", + "uri": "/description.xml" + }, + "297939f9-7e43-48ba-b44c-f05d590fac2f": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"72\", Nonce=\"jwevBP0xoV+uF9UI3sJnlA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"GCdNlUt1IhjIKFkIuQ8V8g==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45237, + "ts": "1508499204.343328000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "2aa32fd9-ca8e-4ec4-9ef7-0e56a508ce51": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": 
"192.168.0.227", + "src_port": 56538, + "ts": "1508463913.265019000", + "uri": "/description.xml" + }, + "2cecaffd-d363-401d-9b6f-1ca89d2b350b": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"60\", Nonce=\"T8McgxJ9HBR8F9UIHQxr3A==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"pB8wKvl1l7ugOuNTTS9oxQ==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45200, + "ts": "1508477602.669084000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "2f197b06-d092-427f-a92a-ba9b247e73d6": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 57055, + "ts": "1508509044.965021000", + "uri": "/description.xml" + }, + "3010efcb-45f8-43fc-9443-8a3ba838ee9f": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56540, + "ts": "1508463914.137918000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "3236af6d-4542-4257-9087-bafcbbdb5de9": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": 
"68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56879, + "ts": "1508493119.264807000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "3acd5f57-061a-474b-bb89-5b65f5e549d3": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 57062, + "ts": "1508509045.921481000", + "uri": "/description.xml" + }, + "3c1ba96c-4e39-439b-9ada-e6c66f6e0e7f": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 57072, + "ts": "1508509214.456013000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "3f95a4d2-9586-430c-a002-616896328da3": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"57\", Nonce=\"UKDWAA1aUlFrF9UItdlMsw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"PdwZCCElcnhZG70H7kTWtg==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45193, + "ts": "1508474003.675549000", + "uri": 
"/DcpRequestHandler/index.ashx" + }, + "4b7c4441-ee52-4167-a7e3-f9b196e31cf2": { + "dst_ip": "130.211.67.12", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "connection": "close", + "content-type": "text/plain", + "host": "diagnostics.meethue.com:80", + "transfer-encoding": "chunked" + }, + "host": "diagnostics.meethue.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 54159, + "ts": "1508461977.224826000", + "uri": "/bridges/fullconfig?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a2909c62693157c503a676c182a44daf78ddae30900de525cad753035de299958db2121a4284346b74371c889cfc5df609cb33d126e3051871163f5d767a9d53b72ae6e8901db39b90d2247db5cb734db1b8f18c37bfc23ed6091359629f8c68074ea0d7377c6da7b5b88bccda18a2e137e29f0bab89d64d94c2524b639e5712061b&i=e11f3860cfb5d8a0e502583853950fb6&auth=f66de122ea23c53e85a152b1be18131517dddef7" + }, + "503b740d-2377-4ab3-b1c0-318522744453": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"55\", Nonce=\"LDg3BhU5Mu9iF9UIehwGlA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"yoodQRhNNMKwd6zmaU7QuA==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45187, + "ts": "1508470403.122955000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "515d8cf7-1847-4ac5-a62d-9fb279703109": { + "dst_ip": 
"192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56697, + "ts": "1508477533.624722000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "5247061a-0a8d-4bc5-a7a5-71f86862d3e1": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"66\", Nonce=\"bSBJ+8tVRzmVF9UI+DCyBw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rLf0EDCXW2dxHEFY/c0lzg==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45219, + "ts": "1508488402.457324000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "54753c2d-6229-405d-8cbd-b54c2d464099": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56612, + "ts": "1508469853.385023000", + "uri": "/description.xml" + }, + "562394f8-b1da-4002-9ad4-822c09bee722": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"52\", Nonce=\"+prNMq//zoxaF9UIAX4cmA==\", 
SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"PD/HP4NMadOITSv65W1NVQ==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45176, + "ts": "1508463202.320736000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "58c45fe4-76f3-4b37-a318-32c55384cc82": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"65\", Nonce=\"YbFoE9OcpdiMF9UI5i3Sxg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"2+jvV9CpnWbrY7RxSfhszw==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45218, + "ts": "1508488402.036753000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "5d624b10-ff7e-4134-a095-ebb132041283": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56537, + "ts": "1508463913.049301000", + "uri": 
"/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "5fc69874-d257-4986-8e73-81fe63d58a58": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56970, + "ts": "1508500993.744272000", + "uri": "/description.xml" + }, + "6134fa96-2d71-4749-ab82-c9680631966d": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"49\", Nonce=\"pjd9TR/COapKF9UIvgMIbg==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"cWIdFvlc1zTaM1lRh+sG1w==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45168, + "ts": "1508459603.327754000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "640baacd-ba1a-46ba-925f-1e7459564989": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56539, + "ts": "1508463913.918475000", + "uri": "/description.xml" + }, + "6518d1b2-1015-4ec9-95ee-77e9830e115a": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + 
}, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56878, + "ts": "1508493119.118306000", + "uri": "/description.xml" + }, + "6a4d30ba-1446-4921-84c1-fbbbf1a4f6e1": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56794, + "ts": "1508485432.979175000", + "uri": "/description.xml" + }, + "6a7f595a-e223-45b3-97cc-48cad9d7c548": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 57073, + "ts": "1508509214.519479000", + "uri": "/description.xml" + }, + "6cb61e21-61f1-4d86-8211-f8e52362755f": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56788, + "ts": "1508485431.641818000", + "uri": "/description.xml" + }, + "6ce7eecd-fadf-45e2-9cea-fdd76d667be6": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"53\", Nonce=\"Aj6ghgnkEo1aF9UIkdJNZQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"9OaGG6mRlwNym3ixwA9ivw==\"", + "connection": "close", + "content-length": "1328", + 
"content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45181, + "ts": "1508466802.518608000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "6de21d41-d0c9-4504-bb60-86479bdd0d1f": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 57071, + "ts": "1508509214.280691000", + "uri": "/description.xml" + }, + "6eac540f-2617-4caf-a777-158fa155a7e2": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"54\", Nonce=\"RnQj4ESU6O5iF9UIGxlBuw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"lFHZk7Y9NuBYpbyswcoUZw==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45182, + "ts": "1508466802.939248000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "706cc9e4-06a0-4260-a5fb-d1e5846b15fd": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56613, + "ts": "1508469853.515797000", + "uri": 
"/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "73768ca9-ada0-4930-9be5-a4ae242bc6e3": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56698, + "ts": "1508477533.627907000", + "uri": "/description.xml" + }, + "75b2f21d-cafb-4fa2-a1be-86c8da9b7b9c": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56696, + "ts": "1508477533.470368000", + "uri": "/description.xml" + }, + "773114f0-2158-4484-9905-0b2c23357138": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56881, + "ts": "1508493120.171827000", + "uri": "/description.xml" + }, + "7a7d63cd-9a64-4c22-943c-2ff539fb0713": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"50\", Nonce=\"HYIu7st62itSF9UI1C0tnw==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"AIJFnUuBeCAhSJwsSPPIJA==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": 
"dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45169, + "ts": "1508459603.745723000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "7bbe7675-bca6-480c-8b4c-372cfb412b65": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56700, + "ts": "1508477534.717225000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "7c0eac67-4f15-4fce-8443-ef89c391060b": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"70\", Nonce=\"w0E1Ikptdv2lF9UIt96XtA==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"ZbLS0OUJ3WJY/VmOWlIEQg==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45231, + "ts": "1508495603.618857000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "80a3ebbb-6983-406f-8bfa-4c0e9ccca1f7": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"73\", Nonce=\"D/VVU+4V91+uF9UIMimHoA==\", 
SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"wTYNVcjDJuYaIlqPvDbd+Q==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45242, + "ts": "1508502802.629928000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "80ca0244-6b0d-4b4c-9672-c0e4d82ba48e": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"61\", Nonce=\"wrIsdgJIWhR8F9UIx6Nk6A==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rMFjUBkfbR8k+XM4J0Nk+A==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45205, + "ts": "1508481202.944385000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "8404af06-b8d8-4276-aea8-fee733250922": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56880, + "ts": "1508493119.423201000", + "uri": "/description.xml" + }, + 
"87e491e1-d4e0-4248-8172-fa71bfbd2625": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56966, + "ts": "1508500992.697184000", + "uri": "/description.xml" + }, + "8b7dcd6a-c592-42c6-8749-433f748ff589": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"77\", Nonce=\"v6de2RSqHCO/F9UIB9IETQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"Y2KkPRoOd5rN1bo4Bru7XQ==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45254, + "ts": "1508510003.723787000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "902ca1cf-b791-4fdd-bc7c-63eda786335d": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"69\", Nonce=\"O2nbMFG4qpudF9UI9et8gQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rE4BCqqoV5ApwZlmkzLx/A==\"", + "connection": "close", + "content-length": "1328", + 
"content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45230, + "ts": "1508495603.198446000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "94ca8be3-3c28-4fae-93da-2bdf41621ad0": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 57061, + "ts": "1508509045.209972000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "995abfd5-ed0b-4d4d-a9fe-1c09fb7f0baa": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56793, + "ts": "1508485432.751765000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "9aa6333b-b72b-455a-8135-c75c0c81ae72": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56702, + "ts": "1508477535.050616000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "9b7c2e45-6897-47f5-a3ac-60a88fd71525": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56610, + "ts": "1508469852.190570000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + 
"a12bb9fa-49ec-4969-b687-18567f93d8a8": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 57065, + "ts": "1508509046.706024000", + "uri": "/description.xml" + }, + "a1305724-ce2b-4ec0-96a1-56ffdada2782": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56791, + "ts": "1508485432.224563000", + "uri": "/description.xml" + }, + "a4464775-d8d8-44fc-9215-94a4bfb5c26d": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"76\", Nonce=\"Txncu/KW2yK/F9UIeTMGug==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"Fn/fJIlXLMbcdiZ27pWNwQ==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45249, + "ts": "1508506403.694917000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "a61dd83c-6989-4559-9039-363dbeb54ab9": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": 
"192.168.0.227", + "src_port": 56542, + "ts": "1508463914.840072000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "a9ce3646-8671-4c44-a14e-47a38d0a32e0": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"56\", Nonce=\"87rYprWmElFrF9UIyB2bjQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"5oOnGRHc4VVgOtmTGnSXSw==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45188, + "ts": "1508470403.541300000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "acd1abe3-3f2e-4656-8847-5c3213277d11": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56882, + "ts": "1508493120.316778000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "bc134e48-ab13-4e58-b132-dd6435f3ac2b": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"71\", Nonce=\"LtIwGyrkvv2lF9UIdFDgLg==\", 
SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"jTrgvKNNbcTEqXRajrcYKQ==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45236, + "ts": "1508499203.924411000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "bd3385cb-97f2-43ba-9639-b92249b43a20": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 57063, + "ts": "1508509046.116595000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "bffb106d-cfe8-4a1c-9f23-33fbd2d5e217": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56969, + "ts": "1508500993.623407000", + "uri": "/description.xml" + }, + "c0838e3b-834e-413b-bcb8-d259b10616d1": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 57075, + "ts": "1508509215.520208000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "cacaff93-4fc0-4d24-a0db-83a437c22f8f": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"64\", Nonce=\"WIGvypHsZdiMF9UIrliQWQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"uf13Jx8s/eL7BiklzmuutQ==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45213, + "ts": "1508484804.000058000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "cb89a141-47e7-48e2-86bb-998e956c390a": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56614, + "ts": "1508469853.818103000", + "uri": "/description.xml" + }, + "d798cc2e-b848-416a-ae9f-0feb5c5cc83a": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 57074, + "ts": "1508509215.329645000", + "uri": "/description.xml" + }, + "db713a11-86ca-4903-bf03-78c056424a33": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"68\", Nonce=\"pedBaQkJYZudF9UICPNNyA==\", 
SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"rXzU3PkJXq66quYxt4dR0w==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45225, + "ts": "1508492003.083641000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "de22dff6-4385-4c1b-9c0e-647784497294": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56795, + "ts": "1508485433.142029000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "df5bcd9f-f274-4fff-b318-27fb659b6f59": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 57064, + "ts": "1508509046.116540000", + "uri": "/description.xml" + }, + "e3d19c2c-b137-4756-919c-f70036e6ee04": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56615, + "ts": "1508469854.003616000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "e600104e-fbe8-4319-9d84-ca08047efd0f": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": 
"b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"75\", Nonce=\"8tOzN9657sC2F9UIl3ayqQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"OZk4/yc2TQeK7ph0tAkojA==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45248, + "ts": "1508506403.275265000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "e9139b55-7c4d-407f-aaeb-b4e748a066a3": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56792, + "ts": "1508485432.565257000", + "uri": "/description.xml" + }, + "e9557ac5-4e07-4514-a804-1b0a69b99036": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"62\", Nonce=\"BdKCsHaZQHaEF9UI5C5bWQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"hZf/7zl4u0jeRzps/5PXjA==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + 
"host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45206, + "ts": "1508481203.365353000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "ed359f08-9716-46e9-b242-fa0a7ad74b32": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"58\", Nonce=\"rSl/kVJvL7NzF9UIfuR6vQ==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"F1ymgtXGLgEjjsJtNRm7jQ==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45194, + "ts": "1508474004.097958000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "edbec7e3-ab76-4c3d-92cf-afbf3a717665": { + "dst_ip": "130.211.67.12", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "connection": "close", + "content-type": "text/plain", + "host": "diagnostics.meethue.com:80", + "transfer-encoding": "chunked" + }, + "host": "diagnostics.meethue.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 54196, + "ts": "1508483525.057124000", + "uri": 
"/bridges/ws/stats?sso=91c2b44e0cc2e21ed49576ab6732c15b5c8a86e5f4211feb4a1e9a086dddf9d2663e7c6b035a33b43dd98c6168842c6bbed4f84f8ba27cb6e6593dc3de07a2909c62693157c503a676c182a44daf78ddae30900de525cad753035de299958db2121a4284346b74371c889cfc5df609cb33d126e3051871163f5d767a9d53b72ae6e8901db39b90d2247db5cb734db1b8f18c37bfc23ed6091359629f8c68074ea0d7377c6da7b5b88bccda18a2e137e29f0bab89d64d94c2524b639e5712061b&i=aa75654336d2f72df5b22d857fe4e512&auth=c0692053fa23c4a9704396bc516c1287a38e4b38" + }, + "ee7a172f-4939-42b3-90c4-f14569632c3d": { + "dst_ip": "5.79.62.93", + "dst_port": 80, + "eth.dst": "b0:b9:8a:73:69:8e", + "eth.src": "00:17:88:69:ee:e4", + "headers": { + "authorization": "CBAuth Type=\"SSO\", Client=\"001788fffe69eee4\", RequestNr=\"78\", Nonce=\"z9B2roxq4oTHF9UICymJ7Q==\", SSOToken=\"kcK0TgzC4h7UlXarZzLBW1yKhuX0IR/rSh6aCG3d+dJmPnxrA1oztD3ZjGFohCxrvtT4T4uifLbmWT3D3geikJxiaTFXxQOmdsGCpE2veN2uMJAN5SXK11MDXeKZlY2yEhpChDRrdDcciJz8XfYJyzPRJuMFGHEWP112ep1Ttyrm6JAds5uQ0iR9tctzTbG48Yw3v8I+1gkTWWKfjGgHTqDXN3xtp7W4i8zaGKLhN+KfC6uJ1k2UwlJLY55XEgYb\", Authentication=\"okPL+Sx5SKAgjONdFT54nQ==\"", + "connection": "close", + "content-length": "1328", + "content-type": "application/CB-Encrypted; cipher=AES", + "host": "dcp.cpp.philips.com:80" + }, + "host": "dcp.cpp.philips.com:80", + "method": "POST", + "src_ip": "192.168.0.160", + "src_port": 45255, + "ts": "1508510004.140691000", + "uri": "/DcpRequestHandler/index.ashx" + }, + "f1b63783-f5dd-4a48-ad04-40b447f2adf7": { + "dst_ip": "192.168.0.226", + "dst_port": 49153, + "eth.dst": "94:10:3e:36:60:09", + "eth.src": "d0:52:a8:a3:60:0f", + "headers": { + "content-length": "277", + "content-type": "text/xml; charset=\"utf-8\"", + "host": "192.168.0.226:49153", + "soapaction": "\"urn:Belkin:service:basicevent:1#GetBinaryState\"", + "user-agent": "CyberGarage-HTTP/1.0" + }, + "host": "192.168.0.226:49153", + "method": "POST", + "src_ip": "192.168.0.243", + "src_port": 51912, + "ts": "1508472514.240077000", + "uri": 
"/upnp/control/basicevent1" + }, + "f8607e7e-d759-4f28-95c4-9cb58fa19e67": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56541, + "ts": "1508463914.706660000", + "uri": "/description.xml" + }, + "fa94b3a9-8cbd-4782-a151-a274592aeeb4": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56536, + "ts": "1508463912.908377000", + "uri": "/description.xml" + }, + "fb58b8af-4bd8-443f-a9b1-9143aca25692": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56699, + "ts": "1508477534.524516000", + "uri": "/description.xml" + }, + "fc44d4d5-0fff-4c2a-b246-1a3a2c162409": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 56790, + "ts": "1508485431.919622000", + "uri": "/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + }, + "fe685706-cfaa-4b66-9959-1fe78bbbd89a": { + "dst_ip": "192.168.0.160", + "dst_port": 80, + "eth.dst": "00:17:88:69:ee:e4", + "eth.src": "68:37:e9:d2:26:0d", + "headers": { + "accept": "*/*", + "host": "192.168.0.160" + }, + "host": "192.168.0.160", + "method": "GET", + "src_ip": "192.168.0.227", + "src_port": 57066, + "ts": "1508509046.856076000", + "uri": 
"/api/tXLok71AFLlKq8tlwKvgitpHa0q-QAxYppxwDf4j/lights" + } +} \ No newline at end of file diff --git a/origin/CAPture.py b/origin/CAPture.py new file mode 100644 index 0000000..4d6972a --- /dev/null +++ b/origin/CAPture.py 
@@ -0,0 +1,385 @@
+#!/usr/local/bin/python2.7
+
+""" -----------------------------------------------------------------------------
+ CAPture - a pcap file analyzer and report generator
+ (c) 2017 - Rahmadi Trimananda
+ University of California, Irvine - Programming Language and Systems
+ -----------------------------------------------------------------------------
+ Credits to tutorial: https://dpkt.readthedocs.io/en/latest/
+ -----------------------------------------------------------------------------
+"""
+
+import datetime
+import dpkt
+from dpkt.compat import compat_ord
+
+import socket
+import sys
+
+""" -----------------------------------------------------------------------------
+ Global variable declarations
+ -----------------------------------------------------------------------------
+"""
+# Command line arguments
+INPUT = "-i"
+OUTPUT = "-o"
+POINT_TO_MANY = "-pm"
+VERBOSE = "-v"
+
+
+def mac_addr(address):
+ # Courtesy of: https://dpkt.readthedocs.io/en/latest/
+ """ Convert a MAC address to a readable/printable string
+ Args:
+ address (str): a MAC address in hex form (e.g. '\x01\x02\x03\x04\x05\x06')
+ Returns:
+ str: Printable/readable MAC address
+ """
+ return ':'.join('%02x' % compat_ord(b) for b in address)
+
+
+def inet_to_str(inet):
+ # Courtesy of: https://dpkt.readthedocs.io/en/latest/
+ """ Convert inet object to a string
+ Args:
+ inet (inet struct): inet network address
+ Returns:
+ str: Printable/readable IP address
+ """
+ # First try ipv4 and then ipv6
+ try:
+ return socket.inet_ntop(socket.AF_INET, inet)
+ except ValueError:
+ return socket.inet_ntop(socket.AF_INET6, inet)
+
+
+def show_usage():
+ """ Show usage of this Python script
+ """
+ print "Usage: python CAPture.py [ -i .pcap ] [ -o .pcap ] [ -pm ] [ -v ]"
+ print
+ print "[ -o ] = output file"
+ print "[ -pm ] = point-to-many analysis"
+ print "[ -v ] = verbose output"
+ print "By default, this script does simple statistical analysis of IP, TCP, and UDP packets."
+ print "(c) 2017 - University of California, Irvine - Programming Language and Systems"
+
+
+def show_progress(verbose, counter):
+ """ Show packet processing progress
+ Args:
+ verbose: verbose output (True/False)
+ counter: counter of all packets
+ """
+ if verbose:
+ print "Processing packet number: ", counter
+ else:
+ if counter % 100000 == 0:
+ print "Processing %s packets..." % counter
+
+
+def show_summary(counter, ip_counter, tcp_counter, udp_counter):
+ """ Show summary of statistics of PCAP file
+ Args:
+ counter: counter of all packets
+ ip_counter: counter of all IP packets
+ tcp_counter: counter of all TCP packets
+ udp_counter: counter of all UDP packets
+ """
+ print
+ print "Total number of packets in the pcap file: ", counter
+ print "Total number of ip packets: ", ip_counter
+ print "Total number of tcp packets: ", tcp_counter
+ print "Total number of udp packets: ", udp_counter
+ print
+
+
+def save_to_file(tbl_header, dictionary, filename_out):
+ """ Show summary of statistics of PCAP file
+ Args:
+ tbl_header: header for the saved table
+ dictionary: dictionary to be saved
+ filename_out: file name to save
+ """
+ # Appending, not overwriting!
+ f = open(filename_out, 'a')
+ # Write the table header
+ f.write("\n\n" + str(tbl_header) + "\n");
+ # Iterate over dictionary and write (key, value) pairs
+ for key, value in dictionary.iteritems():
+ f.write(str(key) + ", " + str(value) + "\n")
+
+ f.close()
+ print "Writing output to file: ", filename_out
+
+
+def statistical_analysis(verbose, pcap, counter, ip_counter, tcp_counter, udp_counter):
+ """ This is the default analysis of packet statistics (generic)
+ Args:
+ verbose: verbose output (True/False)
+ pcap: object that handles PCAP file content
+ counter: counter of all packets
+ ip_counter: counter of all IP packets
+ tcp_counter: counter of all TCP packets
+ udp_counter: counter of all UDP packets
+ """
+ for time_stamp, packet in pcap:
+
+ counter += 1
+ eth = dpkt.ethernet.Ethernet(packet)
+
+ if verbose:
+ # Print out the timestamp in UTC
+ print "Timestamp: ", str(datetime.datetime.utcfromtimestamp(time_stamp))
+ # Print out the MAC addresses
+ print "Ethernet frame: ", mac_addr(eth.src), mac_addr(eth.dst), eth.data.__class__.__name__
+
+ # Process only IP data
+ if not isinstance(eth.data, dpkt.ip.IP):
+
+ is_ip = False
+ if verbose:
+ print "Non IP packet type not analyzed... skipping..."
+ else:
+ is_ip = True
+
+ if is_ip:
+ ip = eth.data
+ ip_counter += 1
+
+ # Pull out fragment information (flags and offset all packed into off field, so use bitmasks)
+ do_not_fragment = bool(ip.off & dpkt.ip.IP_DF)
+ more_fragments = bool(ip.off & dpkt.ip.IP_MF)
+ fragment_offset = ip.off & dpkt.ip.IP_OFFMASK
+
+ if verbose:
+ # Print out the complete IP information
+ print "IP: %s -> %s (len=%d ttl=%d DF=%d MF=%d offset=%d)\n" % \
+ (inet_to_str(ip.src), inet_to_str(ip.dst), ip.len, ip.ttl, do_not_fragment,
+ more_fragments, fragment_offset)
+
+ # Count TCP packets
+ if ip.p == dpkt.ip.IP_PROTO_TCP:
+ tcp_counter += 1
+
+ # Count UDP packets
+ if ip.p == dpkt.ip.IP_PROTO_UDP:
+ udp_counter += 1
+
+ show_progress(verbose, counter)
+
+ # Print general statistics
+ show_summary(counter, ip_counter, tcp_counter, udp_counter)
+
+
+def point_to_many_analysis(filename_out, dev_add, verbose, pcap, counter, ip_counter,
+ tcp_counter, udp_counter):
+ """ This analysis presents how 1 device (MAC address or IP address) communicates
+ to every other device in the analyzed PCAP file.
+ Args:
+ dev_add: device address (MAC or IP address)
+ verbose: verbose output (True/False)
+ pcap: object that handles PCAP file content
+ counter: counter of all packets
+ ip_counter: counter of all IP packets
+ tcp_counter: counter of all TCP packets
+ udp_counter: counter of all UDP packets
+ """
+ # Dictionary that preserves the mapping between destination address to frequency
+ mac2freq = dict()
+ ip2freq = dict()
+ for time_stamp, packet in pcap:
+
+ counter += 1
+ eth = dpkt.ethernet.Ethernet(packet)
+
+ # Save the timestamp and MAC addresses
+ tstamp = str(datetime.datetime.utcfromtimestamp(time_stamp))
+ mac_src = mac_addr(eth.src)
+ mac_dst = mac_addr(eth.dst)
+
+ # Process only IP data
+ if not isinstance(eth.data, dpkt.ip.IP):
+
+ is_ip = False
+ if verbose:
+ print "Non IP packet type not analyzed... skipping..."
+ print
+ else:
+ is_ip = True
+
+ if is_ip:
+ ip = eth.data
+ ip_counter += 1
+
+ # Pull out fragment information (flags and offset all packed into off field, so use bitmasks)
+ do_not_fragment = bool(ip.off & dpkt.ip.IP_DF)
+ more_fragments = bool(ip.off & dpkt.ip.IP_MF)
+ fragment_offset = ip.off & dpkt.ip.IP_OFFMASK
+
+ # Save IP addresses
+ ip_src = inet_to_str(ip.src)
+ ip_dst = inet_to_str(ip.dst)
+
+ if verbose:
+ # Print out the complete IP information
+ print "IP: %s -> %s (len=%d ttl=%d DF=%d MF=%d offset=%d)\n" % \
+ (ip_src, ip_dst, ip.len, ip.ttl, do_not_fragment,
+ more_fragments, fragment_offset)
+
+ # Categorize packets based on source device address
+ # Save the destination device addresses (point-to-many)
+ if dev_add == ip_src:
+ if ip_dst in ip2freq:
+ freq = ip2freq[ip_dst]
+ ip2freq[ip_dst] = freq + 1
+ else:
+ ip2freq[ip_dst] = 1
+
+ if dev_add == mac_src:
+ if mac_dst in ip2freq:
+ freq = mac2freq[mac_dst]
+ mac2freq[mac_dst] = freq + 1
+ else:
+ mac2freq[mac_dst] = 1
+
+ # Count TCP packets
+ if ip.p == dpkt.ip.IP_PROTO_TCP:
+ tcp_counter += 1
+
+ # Count UDP packets
+ if ip.p == dpkt.ip.IP_PROTO_UDP:
+ udp_counter += 1
+
+ show_progress(verbose, counter)
+
+ # Print general statistics
+ show_summary(counter, ip_counter, tcp_counter, udp_counter)
+ # Save results into file if filename_out is not empty
+ if not filename_out == "":
+ print "Saving results into file: ", filename_out
+ ip_tbl_header = "Point-to-many Analysis - IP destinations for " + dev_add
+ mac_tbl_header = "Point-to-many Analysis - MAC destinations for " + dev_add
+ save_to_file(ip_tbl_header, ip2freq, filename_out)
+ save_to_file(mac_tbl_header, mac2freq, filename_out)
+ else:
+ print "Output file name is not specified... exitting now!"
+
+
+def parse_cli_args(argv):
+ """ Parse command line arguments and store them in a dictionary
+ Args:
+ argv: list of command line arguments and their values
+ Returns:
+ str: dictionary that maps arguments to their values
+ """
+ options = dict()
+ # First argument is "CAPture.py", so skip it
+ argv = argv[1:]
+ # Loop and collect arguments and their values
+ while argv:
+ print "Examining argument: ", argv[0]
+ # Check the first character of each argv list
+ # If it is a '-' then it is a command line argument
+ if argv[0][0] == '-':
+ if argv[0] == VERBOSE:
+ # We don't have value for the argument VERBOSE
+ options[argv[0]] = argv[0]
+ # Remove one command line argument and its value
+ argv = argv[1:]
+ else:
+ options[argv[0]] = argv[1]
+ # Remove one command line argument and its value
+ argv = argv[2:]
+
+ return options
+
+
+""" -----------------------------------------------------------------------------
+ Main Running Methods
+ -----------------------------------------------------------------------------
+"""
+def main():
+ # Variable declarations
+ global CAP_EXTENSION
+ global PCAP_EXTENSION
+ global VERBOSE
+ global POINT_TO_MANY
+
+ # Counters
+ counter = 0
+ ip_counter = 0
+ tcp_counter = 0
+ udp_counter = 0
+ # Booleans as flags
+ verbose = False
+ is_ip = True
+ is_statistical_analysis = True
+ is_point_to_many_analysis = False
+ # Names
+ filename_in = ""
+ filename_out = ""
+ dev_add = ""
+
+ # Welcome message
+ print
+ print "Welcome to CAPture version 1.0 - A PCAP file instant analyzer!"
+
+ # Get file name from user input
+ # Show usage if file name is not specified (only accept 1 file name for now)
+ if len(sys.argv) < 2:
+ show_usage()
+ print
+ return
+
+ # Check and process sys.argv
+ options = parse_cli_args(sys.argv)
+ for key, value in options.iteritems():
+ # Process "-i" - input PCAP file
+ if key == INPUT:
+ filename_in = value
+ elif key == OUTPUT:
+ filename_out = value
+ elif key == VERBOSE:
+ verbose = True
+ elif key == POINT_TO_MANY:
+ is_statistical_analysis = False
+ is_point_to_many_analysis = True
+ dev_add = value
+
+ # Show manual again if input is not correct
+ if filename_in == "":
+ print "File name is empty!"
+ print
+ show_usage()
+ print
+ return
+
+ # dev_add is needed for these analyses
+ if is_point_to_many_analysis and dev_add == "":
+ print "Device address is empty!"
+ print
+ show_usage()
+ print
+ return
+
+ # One PCAP file name is specified - now analyze!
+ print "Analyzing PCAP file: ", filename_in
+
+ # Opening and analyzing PCAP file
+ f = open(filename_in,'rb')
+ pcap = dpkt.pcap.Reader(f)
+
+ # Choose from the existing options
+ if is_statistical_analysis:
+ statistical_analysis(verbose, pcap, counter, ip_counter, tcp_counter, udp_counter)
+ elif is_point_to_many_analysis:
+ point_to_many_analysis(filename_out, dev_add, verbose, pcap, counter, ip_counter,
+ tcp_counter, udp_counter)
+
+
+if __name__ == "__main__":
+ # call main function since this is being run as the start
+ main()
+
+
diff --git a/origin/base_gefx_generator.py b/origin/base_gefx_generator.py
new file mode 100644
index 0000000..703fe45
--- /dev/null
+++ b/origin/base_gefx_generator.py
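Review bot: In point_to_many_analysis the MAC branch tests `if mac_dst in ip2freq:` but then reads and updates `mac2freq`, so the membership test looks in the wrong table and every MAC destination ends up stored with a count of 1. The line should read `if mac_dst in mac2freq:` so that the MAC table written by save_to_file carries real frequencies. Separately, parse_cli_args never shortens `argv` when an argument does not start with '-', so a stray positional argument keeps the `while argv:` loop running forever; an `else:` branch that drops the unknown argument with `argv = argv[1:]` or calls show_usage() would close that. An option given without its value also raises IndexError at `options[argv[0]] = argv[1]`.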
@@ -0,0 +1,126 @@
+#!/usr/bin/python
+
+"""
+Script that constructs a graph in which hosts are nodes.
+An edge between two hosts indicate that the hosts communicate.
+Hosts are labeled and identified by their IPs.
+The graph is written to a file in Graph Exchange XML format for later import and visual inspection in Gephi.
+
+The input to this script is the JSON output by extract_from_tshark.py by Anastasia Shuba.
+
+This script is a simplification of Milad Asgari's parser_data_to_gephi.py script.
+It serves as a baseline for future scripts that want to include more information in the graph.
+"""
+
+import socket
+import json
+import tldextract
+import networkx as nx
+import sys
+from decimal import *
+
+import parse_dns
+
+JSON_KEY_ETH_SRC = "eth.src"
+JSON_KEY_ETH_DST = "eth.dst"
+
+def parse_json(file_path):
+
+ device_dns_mappings = parse_dns.parse_json_dns("./dns.json")
+
+ # Init empty graph
+ G = nx.DiGraph()
+ with open(file_path) as jf:
+ # Read JSON.
+ # data becomes reference to root JSON object (or in our case json array)
+ data = json.load(jf)
+ # Loop through json objects in data
+ for k in data:
+ # Fetch timestamp of packet
+ packet_timestamp = Decimal(data[k]["ts"])
+ # Fetch eth source and destination info
+ eth_src = data[k][JSON_KEY_ETH_SRC]
+ eth_dst = data[k][JSON_KEY_ETH_DST]
+ # Traffic can be both outbound and inbound.
+ # Determine which one of the two by looking up device MAC in DNS map.
+ iot_device = None
+ if eth_src in device_dns_mappings:
+ iot_device = eth_src
+ elif eth_dst in device_dns_mappings:
+ iot_device = eth_dst
+ else:
+ print "[ WARNING: DNS mapping not found for device with MAC", eth_src, "OR", eth_dst, "]"
+ # This must be local communication between two IoT devices OR an IoT device talking to a hardcoded IP.
+ # For now let's assume local communication.
+ # Add a node for each device and an edge between them.
+ G.add_node(eth_src)
+ G.add_node(eth_dst)
+ G.add_edge(eth_src, eth_dst)
+ # TODO add regex check on src+dst IP to figure out if hardcoded server IP (e.g. check if one of the two are NOT a 192.168.x.y IP)
+ continue
+ # It is outbound traffic if iot_device matches src, otherwise it must be inbound traffic.
+ outbound_traffic = iot_device == eth_src
+
+ ''' Graph construction '''
+ # No need to check if the Nodes and/or Edges we add already exist:
+ # NetworkX won't add already existing nodes/edges (except in the case of a MultiGraph or MultiDiGraph (see NetworkX doc)).
+
+ # Add a node for each host.
+ # First add node for IoT device.
+ G.add_node(iot_device)
+ # Then add node for the server.
+ # For this we need to distinguish between outbound and inbound traffic so that we look up the proper IP in our DNS map.
+ # For outbound traffic, the server's IP is the destination IP.
+ # For inbound traffic, the server's IP is the source IP.
+ server_ip = data[k]["dst_ip"] if outbound_traffic else data[k]["src_ip"]
+ hostname = device_dns_mappings[iot_device].hostname_for_ip_at_time(server_ip, packet_timestamp)
+ if hostname is None:
+ # TODO this can occur when two local devices communicate OR if IoT device has hardcoded server IP.
+ # However, we only get here for the DNS that have not performed any DNS lookups
+ # We should use a regex check early in the loop to see if it is two local devices communicating.
+ # This way we would not have to consider these corner cases later on.
+ print "[ WARNING: no ip-hostname mapping found for ip", server_ip, " -- adding eth.src->eth.dst edge, but note that this may be incorrect if IoT device has hardcoded server IP ]"
+ G.add_node(eth_src)
+ G.add_node(eth_dst)
+ G.add_edge(eth_src, eth_dst)
+ continue
+ G.add_node(hostname)
+ # Connect the two nodes we just added.
+ if outbound_traffic:
+ G.add_edge(iot_device, hostname)
+ else:
+ G.add_edge(hostname, iot_device)
+ return G
+
+# ------------------------------------------------------
+# Not currently used.
+# Might be useful later on if we wish to resolve IPs.
+def get_domain(host):
+ ext_result = tldextract.extract(str(host))
+ # Be consistent with ReCon and keep suffix
+ domain = ext_result.domain + "." + ext_result.suffix
+ return domain
+
+def is_IP(addr):
+ try:
+ socket.inet_aton(addr)
+ return True
+ except socket.error:
+ return False
+# ------------------------------------------------------
+
+if __name__ == '__main__':
+ if len(sys.argv) < 3:
+ print "Usage:", sys.argv[0], "input_file output_file"
+ print "outfile_file should end in .gexf"
+ sys.exit(0)
+ # Input file: Path to JSON file generated from tshark JSON output using Anastasia's script (extract_from_tshark.py).
+ input_file = sys.argv[1]
+ print "[ input_file =", input_file, "]"
+ # Output file: Path to file where the Gephi XML should be written.
+ output_file = sys.argv[2]
+ print "[ output_file =", output_file, "]"
+ # Construct graph from JSON
+ G = parse_json(input_file)
+ # Write Graph in Graph Exchange XML format
+ nx.write_gexf(G, output_file)
diff --git a/origin/extract_from_tshark.py b/origin/extract_from_tshark.py
new file mode 100644
index 0000000..5704a97
--- /dev/null
+++ b/origin/extract_from_tshark.py
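Review bot: parse_json loads the DNS map from the hard-coded relative path `"./dns.json"`, so the result depends on the directory the script is started from, and a capture can be paired with whatever dns.json happens to sit there, which would put wrong hostnames on the graph. Take the path as a parameter, for example `def parse_json(file_path, dns_file_path="./dns.json"):` with `parse_dns.parse_json_dns(dns_file_path)`, and pass it in from the command line. The loop also indexes `data[k]["ts"]`, `data[k][JSON_KEY_ETH_SRC]` and `data[k]["dst_ip"]` without a check, so a single record missing a field aborts the whole run with a KeyError. The usage branch exits with `sys.exit(0)`; a non-zero status such as `sys.exit(1)` would let a calling script notice the failure.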
@@ -0,0 +1,176 @@
+#!/usr/bin/python
+
+"""
+Script used to extract only the needed information from JSON packet traces generated by
+tshark from PCAPNG format
+"""
+
+import os, sys
+import json
+import uuid
+
+from collections import OrderedDict
+
+json_key_source = "_source"
+json_key_layers = "layers"
+
+json_key_ip = "ip"
+json_key_tcp = "tcp"
+
+json_key_http = "http"
+json_key_method = "method"
+json_key_uri = "uri"
+json_key_headers = "headers"
+json_key_host = "host"
+
+json_key_http_req = json_key_http + ".request."
+json_key_http_req_method = json_key_http_req + json_key_method
+json_key_http_req_uri = json_key_http_req + json_key_uri
+json_key_http_req_line = json_key_http_req + "line"
+
+json_key_pkt_comment = "pkt_comment"
+
+json_key_frame = "frame"
+json_key_frame_num = json_key_frame + ".number"
+json_key_frame_comment = json_key_frame + ".comment"
+json_key_frame_ts = json_key_frame + ".time_epoch"
+
+
+JSON_KEY_ETH = "eth"
+JSON_KEY_ETH_SRC = "eth.src"
+JSON_KEY_ETH_DST = "eth.dst"
+
+
+def make_unique(key, dct):
+ counter = 0
+ unique_key = key
+
+ while unique_key in dct:
+ counter += 1
+ unique_key = '{}_{}'.format(key, counter)
+ return unique_key
+
+
+def parse_object_pairs(pairs):
+ dct = OrderedDict()
+ for key, value in pairs:
+ if key in dct:
+ key = make_unique(key, dct)
+ dct[key] = value
+
+ return dct
+
+def change_file(fpath):
+ for fn in os.listdir(fpath):
+ full_path = fpath + '/' + fn
+
+ # Recursively go through all directories
+ if os.path.isdir(full_path):
+ change_file(full_path)
+ continue
+
+ print full_path
+ with open(full_path, "r+") as jf:
+ # Since certain json 'keys' appear multiple times in our data, we have to make them
+ # unique first (we can't use regular json.load() or we lose some data points). From:
+ # https://stackoverflow.com/questions/29321677/python-json-parser-allow-duplicate-keys
+ decoder = json.JSONDecoder(object_pairs_hook=parse_object_pairs)
+ pcap_data = decoder.decode(jf.read())
+
+ # Prepare new data structure for re-formatted JSON storage
+ data = {}
+ for packet in pcap_data:
+ layers = packet[json_key_source][json_key_layers]
+
+ # All captured traffic should have a frame + frame number, but check anyway
+ frame_num = " Frame: "
+ if json_key_frame not in layers or json_key_frame_num not in layers[json_key_frame]:
+ print "WARNING: could not find frame number! Using -1..."
+ frame_num = frame_num + "-1"
+ else:
+ # Save frame number for error-reporting
+ frame_num = frame_num + layers[json_key_frame][json_key_frame_num]
+
+ # All captured traffic should be IP, but check anyway
+ if not json_key_ip in layers:
+ print "WARNING: Non-IP traffic detected!" + frame_num
+ continue
+
+ # For now, focus on HTTP only
+ if json_key_tcp not in layers or json_key_http not in layers:
+ continue
+
+ # Fill our new JSON packet with TCP/IP info
+ new_packet = {}
+ new_packet["dst_ip"] = layers[json_key_ip][json_key_ip + ".dst"]
+ new_packet["dst_port"] = int(layers[json_key_tcp][json_key_tcp + ".dstport"])
+
+ # JV: Also include src so we can see what device initiates the traffic
+ new_packet["src_ip"] = layers[json_key_ip][json_key_ip + ".src"]
+ new_packet["src_port"] = int(layers[json_key_tcp][json_key_tcp + ".srcport"])
+ #JV: Also include eth soure/destination info so that we can map traffic to physical device using MAC
+ new_packet[JSON_KEY_ETH_SRC] = layers[JSON_KEY_ETH][JSON_KEY_ETH_SRC]
+ new_packet[JSON_KEY_ETH_DST] = layers[JSON_KEY_ETH][JSON_KEY_ETH_DST]
+
+ # Go through all HTTP fields and extract the ones that are needed
+ http_data = layers[json_key_http]
+ for http_key in http_data:
+ http_value = http_data[http_key]
+
+ if http_key.startswith(json_key_http_req_line):
+ header_line = http_value.split(":", 1)
+ if len(header_line) != 2:
+ print ("WARNING: could not parse header '" + str(header_line) + "'" +
+ frame_num)
+ continue
+
+ # Prepare container for HTTP headers
+ if json_key_headers not in new_packet:
+ new_packet[json_key_headers] = {}
+
+ # Use lower case for header keys to stay consistent with our other data
+ header_key = header_line[0].lower()
+
+ # Remove the trailing carriage return
+ header_val = header_line[1].strip()
+
+ # Save the header key-value pair
+ new_packet[json_key_headers][header_key] = header_val
+
+ # If this is the host header, we also save it to the main object
+ if header_key == json_key_host:
+ new_packet[json_key_host] = header_val
+
+ if json_key_http_req_method in http_value:
+ new_packet[json_key_method] = http_value[json_key_http_req_method]
+ if json_key_http_req_uri in http_value:
+ new_packet[json_key_uri] = http_value[json_key_http_req_uri]
+
+ # End of HTTP parsing
+
+ # Check that we found the minimum needed HTTP headers
+ if (json_key_uri not in new_packet or json_key_method not in new_packet or
+ json_key_host not in new_packet):
+ print "Missing some HTTP Headers!" + frame_num
+ continue
+
+ # Extract timestamp
+ if json_key_frame_ts not in layers[json_key_frame]:
+ print "WARNING: could not find timestamp!" + frame_num
+ continue
+
+ new_packet["ts"] = layers[json_key_frame][json_key_frame_ts]
+
+ # Create a unique key for each packet to keep consistent with ReCon
+ # Also good in case packets end up in different files
+ data[str(uuid.uuid4())] = new_packet
+
+ # Write the new data
+ #print json.dumps(data, sort_keys=True, indent=4)
+ jf.seek(0)
+ jf.write(json.dumps(data, sort_keys=True, indent=4))
+ jf.truncate()
+
+if __name__ == '__main__':
+ # Needed to re-use some JSON keys
+ change_file(sys.argv[1])
\ No newline at end of file
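Review bot: change_file copies every `http.request.line` header and the request URI into the output verbatim, so credentials seen on the wire end up in the rewritten JSON. The capture data added earlier in this commit appears to have the shape this function writes, and it carries `authorization` headers with `SSOToken=` values as well as URIs that embed an API key in the path. Before `new_packet[json_key_headers][header_key] = header_val`, mask sensitive headers, for example `if header_key in ("authorization", "cookie", "proxy-authorization"): header_val = "REDACTED"`, and treat key-bearing URI segments and query values the same way before the files are committed or shared. The function also rewrites every file under `fpath` in place through `open(full_path, "r+")`, so the original tshark export is lost. A second run over converted files would likely fail at `packet[json_key_source]`, because the top-level value is then a dict keyed by UUID strings.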